Managing audit data

FTM SWIFT records the following types of audit data for services that run in FTM SWIFT servers:

Message audit data

You can configure each FTM SWIFT service so that it records, for a particular OU, information about each of the messages that it processes on behalf of that OU. The recorded information is called message audit data, and it is recorded in the message audit log of the OU (see Message audit log).

After installation and initial customization, by default:

The recording of message audit data is enabled for:
- Services that process SWIFTNet messages
- The delete command of the accounting administration service
- The Remote Audit service
The recording of message audit data is disabled for:
- Operation and administration services that process messages created in response to CLI commands, for example, for the MSIF command service
- Custom services that use the DniMessageAudit node (services provided by FTM SWIFT do not use this node).
MQRFH2 headers are included in the message audit data

To improve overall system performance, disable settings that are not required. How to do this is described in Configuring the recording of message audit data.

User audit data

FTM SWIFT records, for a particular OU, audit data each time any of the following occurs:

Someone uses the system configuration administration service (DNI_SYSADM) to approve or deploy a configuration entity for that OU.
Someone uses the security administration service (DNI_SECADM) to approve a security entity for that OU.
The Access Control node denies an attempt to access an entity of that OU.

The recorded information is called user audit data, and it is recorded in the user audit log of the OU (see User audit log).

The recording of user audit data cannot be deactivated.