IBM Director Server Auditing Administration window

This topic describes the IBM Director Server Auditing Administration window.

Introduction

The IBM Director Server Auditing Administration window allows you to perform the following tasks:
  • Enable and disable auditing on the IBM Director Server
  • Select which audit records to log (by choosing which categories to enable)
  • View and change the current audit settings
  • View and delete the current audit logs

Fields

Enable Auditing
You can select this check box to enable auditing on the IBM Director Server.
Available categories
A list on the left side of the window that contains categories that can be audited, but are not currently selected for auditing. You can use the arrow buttons to move items between the Available categories and Selected categories lists.
Selected categories
This list on the right side of the window shows all of the categories that are selected for auditing. If you select to enable auditing for the first time, all of the available categories are selected by default. You can use the arrow buttons to move items between the Available categories and Selected categories lists.
Auditing categories
The auditing categories that can be selected:
Note: When you select a category to audit, you can expect audit records for significant changes, but not every change that occurs.
CIM
When this category is selected, audit records are logged for actions such as creating, deleting, or modifying a CIM object. Not every CIM operation is audited.
Configuration changes
When this category is selected, audit records are logged for actions such as a restart of the network configuration , an asset configuration change, an SNMP configuration change, or an ASF configuration change.
Command line interface
When this category is selected, audit records are logged for the running and failure of CLI commands.
File read
When this category is selected, audit records are logged for actions such as transferring a file.
Note: If IBM Director Server is running on Windows®, file transfer is not audited.
File write
When this category is selected, audit records are logged for actions such as transferring a file, deleting a file or directory, creating a directory, or renaming a file.
Note: If IBM Director Server is running on Windows, file transfer is not audited.
Remote access
When this category is selected, audit records are logged for actions such as remote control sessions, or a remote session starting or ending.
Remote command execution
When this category is selected, audit records are logged to track whether a command succeeded or if a command failed.
Note: Running a command from the Process Management window using Actions > Execute Command does not generate an audit record in the audit log.
Security
When this category is selected, audit records are logged for actions such as user logon, user logoff, enabling SSL, disabling SSL, enabling encryption, and disabling encryption.
Note: If IBM Director Server is running on Windows, enabling and disabling encryption is not audited.
Task activation/deactivation
When this category is selected, audit records are logged when IBM Director tasks start or end.
User create/delete/modify
If this category is selected for auditing, audit records are written to the audit log for actions such as creating a user, deleting a user, or modifying a user.
Audit log file name
Type the file_name for the audit log. If you want to have more than one file for your audit log, you can use %g in the filename to indicate that you want the oldest records to be moved to a file name with a larger number when an audit log is full. If you choose to audit to more than one file, and do not have %g in the file name, the file number (0, 1, 2...) preceded by a dot will be added to the end of the file name. For example, auditFile will become auditFile.0, then auditFile.1, and so on.
Max file size in MB
Type the maximum file size, in megabytes (MB), for the audit log. The maximum file size you can enter is 2000 MB. If you specify the creation of multiple audit files, the audit log will move the oldest records into a file with a larger number when it reaches this limit. When all of the logs are full, the oldest audit records are deleted automatically from the file with the largest number. The newer records move to the files with the higher numbers to make way for the new audit entries.
Max number of files
Type the maximum number of files you want to create for auditing. The maximum number of files you can create is 99. When all of the audit files are full, the oldest audit records are deleted automatically from file with the largest number. The newer records move to the files with the higher numbers to make way for the new audit entries.
View audit log
You can click this button to view the audit file, beginning with the newest entries in the file with the lowest number.
Delete audit logs
You can click this button to delete all of the audit logs. The audit logs are not saved or archived.
Related tasks
Auditing z/VM Center information

Table of Contents

(C) Copyright IBM Corporation 1999,2005. All Rights Reserved.