Auditing overview
Use the auditing function to store and record activity about administrative and security-related events that occur on the system. The auditing function helps you discover important information about user actions that might affect system integrity, such as who performs the action, when the action takes place, from where the action originates, which resource is targeted by the action, and whether the action is successful.
Capabilities overview
- System configuration and state changes
- User authentication and security token validation
- Attempts at accessing objects that are secured by role-based and object-level access control
- Deployment configuration and state changes
You can download audit data in the format of event records.
Business value
With these capabilities you can protect your environment from both internal and external security threats. You can analyze the audit data to determine if and how your infrastructure was compromised. Based on that information, you can develop a strategy of the most effective defensive measures.
Also, your organization can use the auditing function to comply with regulatory laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley (SOX) Act. These laws mandate formal practices not only for protecting data and detecting fraud, but also for documenting your efforts to do so.
Audit data
Cloud Pak System stores audit records in an internal database. When the database nears capacity, audit records are automatically extracted and stored in compressed audit record packages in the file system. At the same time, the audit record package is exported to an external storage server, if one is defined. When the space allocated for record packages nears capacity, Cloud Pak System removes them from the local file system. If the storage server is not defined, this can lead to a loss of security event audit records.
The system exports audit record packages as compressed files. Each compressed file contains two files: a comma-separated values (CSV) file with a list of security records and a checksum file that contains a digital signature of the CSV file. The digital signature helps protect audit records against tampering.
| Order of attributes in CSV file | Attribute | Information provided in value |
|---|---|---|
| 1 | Timestamp | When did the action occur? |
| 2 | Resource (Component) Type | To which type of resource or component was the action targeted? |
| 3 | Action | What action was performed? |
| 4 | Resource Identifier | To which resource was the action targeted? |
| 5 | User Identifier | Who performed the action? |
| 6 | Source Address | Where did the action originate? |
| 7 | Additional Data | What happened? Was the action successful? If not, what caused the failure? |
The Additional Data attribute consists of multiple name-value pairs that are separated by delimiters.

CWZIP1876W Recordpackage push failed due to no external server. Configure a server to save system audits

If you receive this warning message, configure a storage server or manually download the audit record packages to another server from the console.

Cloud Pak System generates a warning event to alert administrators when the external storage server is not responding. The internal database is designed to store a large amount of data to give administrators sufficient time to address any connection issues with external storage servers.
Administrators can perform tasks in the console to manually generate and download audit record packages from the internal database. Manually retrieving audit record packages occurs in parallel with pushing audit record packages to the external storage server. When you manually retrieve audit record packages from the internal database, and an external storage server is configured, only those audit records that have not been exported to the external storage server are retrieved.
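Once a record package has been downloaded, the CSV file can be read by position using the attribute order in the table above. The following Python sketch is an added example, not IBM code: the absence of a header row, the `;` and `=` delimiters inside Additional Data, the timestamp format, and every sample value are assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Column order as given in the attribute table above (no header row assumed).
FIELDS = ("timestamp", "resource_type", "action", "resource_id",
          "user_id", "source_address", "additional_data")

def parse_additional(raw, pair_sep=";", kv_sep="="):
    """Split Additional Data into a dict. The delimiters are ASSUMPTIONS;
    check a real record package and pass the ones it actually uses."""
    pairs = {}
    for item in raw.split(pair_sep):
        name, sep, value = item.partition(kv_sep)
        if sep and name.strip():
            pairs[name.strip()] = value.strip()
    return pairs

def parse_audit_csv(text):
    """Return (records, rejected). Rows without exactly seven attributes are
    kept in `rejected` with their line number instead of being guessed at."""
    records, rejected = [], []
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        if not row:
            continue
        if len(row) != len(FIELDS):
            rejected.append((reader.line_num, row))
            continue
        rec = dict(zip(FIELDS, (c.strip() for c in row)))
        rec["additional"] = parse_additional(rec["additional_data"])
        records.append(rec)
    return records, rejected

def actions_by_origin(records, action):
    """Count one action per (user, source address) pair for triage."""
    return Counter((r["user_id"], r["source_address"])
                   for r in records if r["action"] == action)

# Constructed sample rows: every value below is made up for illustration.
SAMPLE = '''2024-05-01T10:00:00Z,user,login,u-1,alice,192.0.2.10,"outcome=failure;reason=bad password"
2024-05-01T10:00:05Z,user,login,u-1,alice,192.0.2.10,"outcome=success"
2024-05-01T10:02:00Z,deployment,delete,d-7,bob,198.51.100.4,"outcome=success"
truncated,row
'''

if __name__ == "__main__":
    recs, bad = parse_audit_csv(SAMPLE)
    print(len(recs), "records;", len(bad), "rejected;", actions_by_origin(recs, "login"))
```

Rejected rows are worth reviewing rather than discarding, since a row with the wrong attribute count can indicate a truncated or altered file.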
- Click .
- Expand Trace Setting.
- Scroll down to the bottom of the list and click Add trace setting.
- Type recordpackages in the Name: field and set the trace to FINEST in the drop-down menu.
- Click OK.
- Click Add trace setting.
- Type records in the Name: field and set the trace to FINEST in the drop-down menu.
- Click OK.