COSmanager/User Guide/Audit Trails
This page was last modified 01:38, 26 April 2006. From Documentation
Revision as of 06:28, 18 April 2006 Daniels (Talk | contribs) ← Previous diff |
Current revision Daniels (Talk | contribs) |
||
Line 1: | Line 1: | ||
- | COSmanager provides comprehensive facilities to manage audit trails and log files | + | COSmanager provides comprehensive facilities to manage audit trails and log files produced by COSmanager applications. COSmanager audit trails show: |
- | produced by COSmanager applications. COSmanager audit trails show: | + | *what operations were performed through COSmanager, and by whom |
- | • what operations were performed through COSmanager, and by whom | + | *what configuration changes were made to COSmanager applications, and by whom. |
- | • what configuration changes were made to COSmanager applications, and by | + | |
- | whom. | + | You can also use COSmanager to manage log files produced by other applications or the operating system. |
- | You can also use COSmanager to manage log files produced by other applications | + | |
- | or the operating system. | + | == Auditing COSmanager Duties, Menus and Jobs == |
- | 102 Audit Trails | + | Audit trails provide a historical log of activity in COSmanager applications. For example, attempts to perform a task from the Duty Schedule are logged in the duty_log audit trail, along with: |
- | Auditing COSmanager Duties, Menus and Jobs | + | *the user ID of the person initiating the duty |
- | Audit trails provide a historical log of activity in COSmanager applications. For | + | *the exit status (whether or not the duty succeeded) |
- | example, attempts to perform a task from the Duty Schedule are logged in the | + | *a time-stamp. |
- | duty_log audit trail, along with: | + | |
- | • the user ID of the person initiating the duty | + | Many COSmanager options are logged, in particular those involving adding users, changing privileges, and killing processes. This is done by the audit keyword in the menu description file. |
- | • the exit status (whether or not the duty succeeded) | + | |
- | • a time-stamp. | + | There is also an audit command, which writes a time-stamped message to an audit trail. You can use audit in your own shell scripts to audit various activities outside COSmanager. |
- | Many COSmanager options are logged, in particular those involving adding users, | + | |
- | changing privileges, and killing processes. This is done by the audit keyword in the | + | === Audit Methods === |
- | menu description file. | + | The management of an audit trail is based on an audit method. An audit method describes the commands used to display, archive, compress and expire a family of audit trails. For example, when you view an archived audit trail, COSmanager looks up the archive method for that audit trail to find the Display compress command to use. |
- | There is also an audit command, which writes a time-stamped message to an audit | + | |
- | trail. You can use audit in your own shell scripts to audit various activities outside | + | Audit methods are generally based on the format of the log file. COSmanager comes with several predefined audit methods, for manipulating text files, Oracle logs, Functional Database files, etc. You can add new audit methods for new formats if necessary. |
- | COSmanager. | + | |
- | Audit Methods | + | The audcycle command uses information in the audit method table to determine how to archive each audit trail, and what action to take to expire an archive copy. |
- | The management of an audit trail is based on an audit method. An audit method | + | |
- | describes the commands used to display, archive, compress and expire a family of | + | === Audit Trail Life-cycle === |
- | audit trails. For example, when you view an archived audit trail, COSmanager looks | + | Audit trails are basically files that grow in size, some of them quickly. To help you manage these files COSmanager has facilities to display, archive, compress and remove audit trails. |
- | up the archive method for that audit trail to find the Display compress command | + | |
- | to use. | + | |
- | Audit methods are generally based on the format of the log file. COSmanager | + | |
- | comes with several predefined audit methods, for manipulating text files, Oracle | + | |
- | logs, Functional Database files, etc. You can add new audit methods for new formats | + | |
- | if necessary. | + | |
- | The audcycle command uses information in the audit method table to determine | + | |
- | how to archive each audit trail, and what action to take to expire an archive copy. | + | |
- | Audit Trails 103 | + | |
- | Audit Trail Life-cycle | + | |
- | Audit trails are basically files that grow in size, some of them quickly. To help you | + | |
- | manage these files COSmanager has facilities to display, archive, compress and | + | |
- | remove audit trails. | + | |
Here is a description of the life cycle of a typical audit trail. | Here is a description of the life cycle of a typical audit trail. | ||
- | 1. At the start of each cycle, the audit trail is empty of records. Over time, new | + | #At the start of each cycle, the audit trail is empty of records. Over time, new records are appended to the file. |
- | records are appended to the file. | + | #Each day, usually overnight, the audcycle command is run from the duty schedule. audcycle scans the table of audit trails to find files that are due to be cycled. Cycling involves copying the file to an archive directory and emptying or resetting the current file. |
- | 2. Each day, usually overnight, the audcycle command is run from the duty | + | #audcycle also checks for archive copies of audit trails that have expired. Archives expire either after a set time period, or when a certain number of copies exist. |
- | schedule. audcycle scans the table of audit trails to find files that are due | + | #From time to time an auditor or administrator displays the contents of an audit trail, either the current version or an archived copy. Compressed archives use a different display method than current audit trails. COSmanager looks up the correct display method for the chosen audit trail in the audit method table. |
- | to be cycled. Cycling involves copying the file to an archive directory and | + | #New records are written to the current log file as the cycle begins again. |
- | emptying or resetting the current file. | + | |
- | 3. audcycle also checks for archive copies of audit trails that have expired. | + | == How to Manage Audit Trails == |
- | Archives expire either after a set time period, or when a certain number of | + | Audit trails are a cumulative record of system activity. COSmanager has facilities to display, archive, compress and expire audit trails. |
- | copies exist. | + | |
- | 4. From time to time an auditor or administrator displays the contents of an | + | Audit trails should be set up automatically when you install COSmanager applications. However you can change the details of existing audit trails, or add new ones to manage log files produced by the operating system or applications. |
- | audit trail, either the current version or an archived copy. Compressed | + | |
- | archives use a different display method than current audit trails. COSmanager | + | The routine management of audit trails can be done by running the audcycle command each day, either through duty3g or from cron. |
- | looks up the correct display method for the chosen audit trail in the | + | audcycle detects audit trails that are due to be cycled, copies them to an archive directory and resets the original, then searches for expired archive copies. If there is an expiry action defined in the audit method for these audit trails, audcycle runs the expiry command. |
- | audit method table. | + | |
- | 5. New records are written to the current log file as the cycle begins again. | + | === To display the contents of an audit trail === |
- | 104 Audit Trails | + | #Select View audit trails from the COSmanager configuration menu. |
- | How to Manage Audit Trails | + | #Choose an audit trail. |
- | Audit trails are a cumulative record of system activity. COSmanager has facilities to | + | #COSmanager lists all the versions of the audit trail, including the current file and any archive copies. Choose a version. |
- | display, archive, compress and expire audit trails. | + | |
- | Audit trails should be set up automatically when you install COSmanager applications. | + | COSmanager displays the contents of this version of the audit trail, using one of the display commands defined in the audit method. |
- | However you can change the details of existing audit trails, or add new ones to | + | |
- | manage log files produced by the operating system or applications. | + | === To define a new audit trail === |
- | The routine management of audit trails can be done by running the audcycle | + | #Select Maintain tables from the COSmanager configuration menu. |
- | command each day, either through duty3g or from cron. | + | #Select the ‘Audit Trail Details’ table. |
- | audcycle detects audit trails that are due to be cycled, copies them to an archive | + | #Select Maintain > Add. |
- | directory and resets the original, then searches for expired archive copies. If there is | + | #Enter a name and a description, then fill in the following fields: |
- | an expiry action defined in the audit method for these audit trails, audcycle runs | + | ;File: Enter the name of the file that contains the active audit trail. |
- | the expiry command. | + | :In some cases there is no single file containing the current audit trail. For example, each backup3g job writes a separate log file. If this so then leave File blank and specify the location of the log files in Archive directory. |
- | To display the contents of an audit trail | + | ;Archive frequency: Choose a schedule for when the file should be archived. ‘Daily’ is suitable for most audit trails, especially those that grow quickly. |
- | 1. Select View audit trails from the COSmanager configuration | + | ;Archive directory: Enter the name of the directory where archive copies of this audit trail will be stored. The default is to use the same directory as the original file. |
- | menu. | + | ;Archive file; Enter a template that will generate unique file names for the archive copies. One common method is to generate a time-stamp via the date command. For example: file.`date %y%m%d` generates file names in the form file.YYMMDD |
- | 2. Choose an audit trail. | + | :If File is blank, then it’s not necessary to specify Archive file, as the original logs themselves will be stored in the archive |
- | 3. COSmanager lists all the versions of the audit trail, including the current file | + | |
- | and any archive copies. Choose a version. | + | |
- | COSmanager displays the contents of this version of the audit trail, using one of | + | |
- | the display commands defined in the audit method. | + | |
- | To define a new audit trail | + | |
- | 1. Select Maintain tables from the COSmanager configuration | + | |
- | menu. | + | |
- | 2. Select the ‘Audit Trail Details’ table. | + | |
- | 3. Select Maintain > Add. | + | |
- | 4. Enter a name and a description, then fill in the following fields: | + | |
- | File Enter the name of the file that contains the active audit trail. | + | |
- | Audit Trails 105 | + | |
- | In some cases there is no single file containing the current audit | + | |
- | trail. For example, each backup3g job writes a separate log file. If | + | |
- | this so then leave File blank and specify the location of the log | + | |
- | files in Archive directory. | + | |
- | Archive frequency | + | |
- | Choose a schedule for when the file should be archived. ‘Daily’ is | + | |
- | suitable for most audit trails, especially those that grow quickly. | + | |
- | Archive directory | + | |
- | Enter the name of the directory where archive copies of this audit | + | |
- | trail will be stored. The default is to use the same directory as the | + | |
- | original file. | + | |
- | Archive file Enter a template that will generate unique file names for the | + | |
- | archive copies. One common method is to generate a time-stamp | + | |
- | via the date command. For example: | + | |
- | file.`date %y%m%d` | + | |
- | generates file names in the form file.YYMMDD | + | |
- | If File is blank, then it’s not necessary to specify Archive | + | |
- | file, as the original logs themselves will be stored in the archive | + | |
directory until they expire. | directory until they expire. | ||
- | Archive pattern | + | ;Archive pattern: Enter a pattern that will match all the archive copies in the archive directory and no other files. If the archive directory contains only archive copies, use * as the pattern. |
- | Enter a pattern that will match all the archive copies in the archive | + | ;Retention period/No. of archive copies: When audcycle detects that either the retention period has passed or the maximum number of archive copies already exists, it runs the Expire command defined in the audit method for this audit trail. |
- | directory and no other files. If the archive directory contains only | + | :Note that Retention period and No. of archive copies are mutually exclusive. To enter a value in either field you must first clear the contents of the other. |
- | archive copies, use * as the pattern. | + | :If File is blank you must specify a retention period. |
- | Retention period/No. of archive copies | + | ;Compress archives?: Compression is usually a good idea as it saves disk space. If you select yes, make sure that there is a Display compress command in the audit method, otherwise you won’t be able to view archived copies of this audit trail. |
- | When audcycle detects that either the retention period has | + | ;Audit method: If none of the existing methods is suitable you will need to define a new audit method for this file format. |
- | passed or the maximum number of archive copies already exists, it | + | |
- | runs the Expire command defined in the audit method for this | + | |
- | audit trail. | + | |
- | Note that Retention period and No. of archive | + | |
- | copies are mutually exclusive. To enter a value in either field you | + | |
- | must first clear the contents of the other. | + | |
- | 106 Audit Trails | + | |
- | If File is blank you must specify a retention period. | + | |
- | Compress archives? | + | |
- | Compression is usually a good idea as it saves disk space. If you | + | |
- | select yes, make sure that there is a Display compress | + | |
- | command in the audit method, otherwise you won’t be able to | + | |
- | view archived copies of this audit trail. | + | |
- | Audit method If none of the existing methods is suitable you will need to define | + | |
- | a new audit method for this file format. | + | |
Press Accept to save the new audit trail. | Press Accept to save the new audit trail. |
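Review bot: The new `;Archive file; Enter a template ...` entry ends its term with a semicolon where every other field in the list uses a colon, so it will not render as a term and definition like its neighbours; change it to `;Archive file: Enter a template ...`. The `:If File is blank ...` line that follows stops at "stored in the archive" while "directory until they expire." is left as an unchanged line of its own, which splits the sentence and drops its tail out of the definition list; join the two on one line. The example in the same entry is carried over as date %y%m%d without the + that date requires before a format string (date +%y%m%d), and "If this so then" in the File entry is still missing "is".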
Current revision
COSmanager provides comprehensive facilities to manage audit trails and log files produced by COSmanager applications. COSmanager audit trails show:
- what operations were performed through COSmanager, and by whom
- what configuration changes were made to COSmanager applications, and by whom.
You can also use COSmanager to manage log files produced by other applications or the operating system.
Auditing COSmanager Duties, Menus and Jobs
Audit trails provide a historical log of activity in COSmanager applications. For example, attempts to perform a task from the Duty Schedule are logged in the duty_log audit trail, along with:
- the user ID of the person initiating the duty
- the exit status (whether or not the duty succeeded)
- a time-stamp.
Many COSmanager options are logged, in particular those involving adding users, changing privileges, and killing processes. This is done by the audit keyword in the menu description file.
There is also an audit command, which writes a time-stamped message to an audit trail. You can use audit in your own shell scripts to audit various activities outside COSmanager.
Audit Methods
The management of an audit trail is based on an audit method. An audit method describes the commands used to display, archive, compress and expire a family of audit trails. For example, when you view an archived audit trail, COSmanager looks up the archive method for that audit trail to find the Display compress command to use.
Audit methods are generally based on the format of the log file. COSmanager comes with several predefined audit methods, for manipulating text files, Oracle logs, Functional Database files, etc. You can add new audit methods for new formats if necessary.
The audcycle command uses information in the audit method table to determine how to archive each audit trail, and what action to take to expire an archive copy.
Audit Trail Life-cycle
Audit trails are basically files that grow in size, some of them quickly. To help you manage these files COSmanager has facilities to display, archive, compress and remove audit trails. Here is a description of the life cycle of a typical audit trail.
1. At the start of each cycle, the audit trail is empty of records. Over time, new records are appended to the file.
2. Each day, usually overnight, the audcycle command is run from the duty schedule. audcycle scans the table of audit trails to find files that are due to be cycled. Cycling involves copying the file to an archive directory and emptying or resetting the current file.
3. audcycle also checks for archive copies of audit trails that have expired. Archives expire either after a set time period, or when a certain number of copies exist.
4. From time to time an auditor or administrator displays the contents of an audit trail, either the current version or an archived copy. Compressed archives use a different display method than current audit trails. COSmanager looks up the correct display method for the chosen audit trail in the audit method table.
5. New records are written to the current log file as the cycle begins again.
How to Manage Audit Trails
Audit trails are a cumulative record of system activity. COSmanager has facilities to display, archive, compress and expire audit trails.
Audit trails should be set up automatically when you install COSmanager applications. However you can change the details of existing audit trails, or add new ones to manage log files produced by the operating system or applications.
The routine management of audit trails can be done by running the audcycle command each day, either through duty3g or from cron. audcycle detects audit trails that are due to be cycled, copies them to an archive directory and resets the original, then searches for expired archive copies. If there is an expiry action defined in the audit method for these audit trails, audcycle runs the expiry command.
To display the contents of an audit trail
1. Select View audit trails from the COSmanager configuration menu.
2. Choose an audit trail.
3. COSmanager lists all the versions of the audit trail, including the current file and any archive copies. Choose a version.
COSmanager displays the contents of this version of the audit trail, using one of the display commands defined in the audit method.
To define a new audit trail
1. Select Maintain tables from the COSmanager configuration menu.
2. Select the ‘Audit Trail Details’ table.
3. Select Maintain > Add.
4. Enter a name and a description, then fill in the following fields:
- File: Enter the name of the file that contains the active audit trail.
  In some cases there is no single file containing the current audit trail. For example, each backup3g job writes a separate log file. If this is so, then leave File blank and specify the location of the log files in Archive directory.
- Archive frequency: Choose a schedule for when the file should be archived. ‘Daily’ is suitable for most audit trails, especially those that grow quickly.
- Archive directory: Enter the name of the directory where archive copies of this audit trail will be stored. The default is to use the same directory as the original file.
- Archive file: Enter a template that will generate unique file names for the archive copies. One common method is to generate a time-stamp via the date command. For example, file.`date +%y%m%d` generates file names in the form file.YYMMDD.
  If File is blank, then it’s not necessary to specify Archive file, as the original logs themselves will be stored in the archive directory until they expire.
- Archive pattern: Enter a pattern that will match all the archive copies in the archive directory and no other files. If the archive directory contains only archive copies, use * as the pattern.
- Retention period/No. of archive copies: When audcycle detects that either the retention period has passed or the maximum number of archive copies already exists, it runs the Expire command defined in the audit method for this audit trail.
  Note that Retention period and No. of archive copies are mutually exclusive. To enter a value in either field you must first clear the contents of the other.
  If File is blank you must specify a retention period.
- Compress archives?: Compression is usually a good idea as it saves disk space. If you select yes, make sure that there is a Display compress command in the audit method, otherwise you won’t be able to view archived copies of this audit trail.
- Audit method: If none of the existing methods is suitable you will need to define a new audit method for this file format.
Press Accept to save the new audit trail.
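
The cycle and expire steps, sketched with the fields above (archive directory, date-stamped archive file, archive pattern, and the mutually exclusive retention period and number of copies). This is an added example, not COSmanager's audcycle: the function names and arguments are hypothetical, and expiry is assumed to mean deleting the archive copy.

```shell
#!/bin/sh
# Added illustration only: not COSmanager's audcycle. Function names and
# arguments are hypothetical; "expire" is assumed to mean deleting the copy.

# cycle_trail FILE ARCHIVE_DIR
# Copy the active trail to ARCHIVE_DIR/<name>.YYMMDD, then reset the original.
# Prints the path of the archive copy.
cycle_trail() {
    file=$1; archive_dir=$2
    if [ ! -f "$file" ]; then
        echo "no such audit trail: $file" >&2; return 1
    fi
    stamp=$(date +%y%m%d)          # date needs '+' before a format string
    dest="$archive_dir/$(basename "$file").$stamp"
    # A second run on the same day must not overwrite records already archived.
    if [ -e "$dest" ]; then
        echo "archive copy already exists: $dest" >&2; return 1
    fi
    cp -p "$file" "$dest" || return 1
    chmod a-w "$dest"              # archive copies should not be edited
    # Records written between cp and this reset are lost; schedule the
    # cycle for a quiet period, as with the overnight run described above.
    : > "$file"
    printf '%s\n' "$dest"
}

# expire_archives ARCHIVE_DIR PATTERN RETENTION_DAYS MAX_COPIES
# Pass '' for the unused limit: the two are mutually exclusive.
# PATTERN must match archive copies only, because every match can be deleted.
# Prints each file it removes.
expire_archives() {
    dir=$1; pattern=$2; days=$3; copies=$4
    if [ -n "$days" ] && [ -n "$copies" ]; then
        echo "retention period and number of copies are mutually exclusive" >&2
        return 2
    fi
    if [ -n "$days" ]; then
        # Time-based: remove copies last modified more than $days days ago.
        find "$dir" -maxdepth 1 -type f -name "$pattern" -mtime +"$days" \
            -print -exec rm -f {} \;
        return
    fi
    [ -n "$copies" ] || return 0   # no limit configured
    # Count-based: .YYMMDD suffixes sort oldest first within a century.
    total=$(find "$dir" -maxdepth 1 -type f -name "$pattern" | wc -l)
    excess=$((total - copies))
    [ "$excess" -gt 0 ] || return 0
    find "$dir" -maxdepth 1 -type f -name "$pattern" | sort |
        head -n "$excess" |
        while IFS= read -r old; do
            printf '%s\n' "$old"
            rm -f "$old"
        done
}
```

A pattern of * is only safe when the archive directory holds nothing but archive copies, since the count-based branch removes the oldest matches whatever they are.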