This topic describes the IBM Director Server Auditing
Administration window.
Introduction
The
IBM Director Server Auditing Administration
window allows you to perform the following tasks:
- Enable and disable auditing on the IBM Director Server
- Select which audit records to log (by choosing which categories to enable)
- View and change the current audit settings
- View and delete the current audit logs
Fields
- Enable Auditing
- You can select this check box to enable auditing on the IBM Director Server.
- Available categories
- A list on the left side of the window that contains categories that can
be audited, but are not currently selected for auditing. You can use the arrow
buttons to move items between the Available categories
and Selected categories lists.
- Selected categories
- This list on the right side of the window shows all of the categories
that are selected for auditing. If you select to enable auditing for the first
time, all of the available categories are selected by default. You can use
the arrow buttons to move items between the Available categories and Selected
categories lists.
- Auditing categories
- The auditing categories that can be selected:
註: When you
select a category to audit, you can expect audit records for significant changes,
but not every change that occurs.
- CIM
- When this category is selected, audit records are logged for
actions such as creating, deleting, or modifying a CIM object. Not every CIM
operation is audited.
- Configuration changes
- When this category is selected, audit records are logged for
actions such as a restart of the network configuration , an asset configuration
change, an SNMP configuration change, or an ASF configuration change.
- Command line interface
- When this category is selected, audit records are logged for
the running and failure of CLI commands.
- File read
- When this category is selected, audit records are logged for
actions such as transferring a file.
註: If IBM Director Server is
running on Windows®, file transfer is not audited.
- File write
- When this category is selected, audit records are logged for
actions such as transferring a file, deleting a file or directory, creating
a directory, or renaming a file.
註: If IBM Director Server is
running on Windows, file transfer is not audited.
- Remote access
- When this category is selected, audit records are logged for
actions such as remote control sessions, or a remote session starting or ending.
- Remote command execution
- When this category is selected, audit records are logged to track whether
a command succeeded or if a command failed.
註: Running a command from the
Process Management window using does not generate an
audit record in the audit log.
- Security
- When this category is selected, audit records are logged for actions such
as user logon, user logoff, enabling SSL, disabling SSL, enabling encryption,
and disabling encryption.
註: If IBM Director Server is
running on Windows, enabling and disabling encryption is not audited.
- Task activation/deactivation
- When this category is selected, audit records are logged when IBM Director tasks start or end.
- User create/delete/modify
- If this category is selected for auditing, audit records are
written to the audit log for actions such as creating a user, deleting a user,
or modifying a user.
- Audit log file name
- Type the file_name for the audit log. If you want to
have more than one file for your audit log, you can use %g in the
filename to indicate that you want the oldest records to be moved to a file
name with a larger number when an audit log is full. If you choose to audit
to more than one file, and do not have %g in the file name, the file
number (0, 1, 2...) preceded by a dot will be added to the end of the file
name. For example, auditFile will become auditFile.0,
then auditFile.1, and so on.
- Max file size in MB
- Type the maximum file size, in megabytes (MB), for the audit log. The
maximum file size you can enter is 2000 MB. If you specify the creation of
multiple audit files, the audit log will move the oldest records into a file
with a larger number when it reaches this limit. When all of the logs are
full, the oldest audit records are deleted automatically from the file with
the largest number. The newer records move to the files with the higher numbers
to make way for the new audit entries.
- Max number of files
- Type the maximum number of files you want to create for auditing. The
maximum number of files you can create is 99. When all of the audit files
are full, the oldest audit records are deleted automatically
from file with the largest number. The newer records move to the files with
the higher numbers to make way for the new audit entries.
- View audit log
- You can click this button to view the audit file, beginning with the newest
entries in the file with the lowest number.
- Delete audit logs
- You can click this button to delete all of the audit logs. The audit logs
are not saved or archived.