Configuring the audit log

Ops Center Automator Installation and Configuration Guide

Version: 11.0.x
Part Number: MK-99AUT000-24

The audit log provides a record of all user actions on the Ops Center Automator server. It tracks events in several categories, such as external services, authentication, configuration access, and the starting and stopping of services. By examining the audit log, you can check the system usage status or audit for unauthorized access.

For Windows, the audit log data is output to the event log files (application log files). For Linux, the data is output to the syslog file.

The following table lists and describes the categories of audit log data that can be generated from products that use the Common Component. Different products generate different types of audit log data.

Category              Description
StartStop             Events indicating starting or stopping of hardware or software:
                        • Starting or shutting down an OS
                        • Starting or stopping a hardware component (including micro components)
                        • Starting or stopping software on a storage system or SVP, and products that use the Common Component
Failure               Events indicating hardware or software failures:
                        • Hardware failures
                        • Software failures (memory error, etc.)
LinkStatus            Events indicating link status among devices:
                        • Whether a link is up or down
ExternalService       Events indicating the results of communication with external services:
                        • Communication with an external server, such as NTP or DNS
                        • Communication with a management server (SNMP)
Authentication        Events indicating that a device, administrator, or end user succeeded or failed in connection or authentication:
                        • Fibre Channel login
                        • Device authentication (Fibre Channel - Security Protocol authentication, iSCSI login authentication, SSL server/client authentication)
                        • Administrator or end user authentication
AccessControl         Events indicating that a device, administrator, or end user succeeded or failed in gaining access to resources:
                        • Access control for devices
                        • Access control for the administrator or end users
ContentAccess         Events indicating that attempts to access important data succeeded or failed:
                        • Access to important files on NAS or to contents when HTTP is supported
                        • Access to audit log files
ConfigurationAccess   Events indicating that the administrator succeeded or failed in performing an allowed operation:
                        • Reference or update of the configuration information
                        • Update of account settings including addition or deletion of accounts
                        • Security configuration
                        • Reference or update of audit log settings
Maintenance           Events indicating that a performed maintenance operation succeeded or failed:
                        • Addition or deletion of hardware components
                        • Addition or deletion of software components
AnomalyEvent          Events indicating that an anomaly, such as a threshold being exceeded, occurred:
                        • A network traffic threshold was exceeded
                        • A CPU load threshold was exceeded
                        • Pre-notification that a limit is being reached or a wraparound occurred for audit log data temporarily saved internally
                      Events indicating that abnormal communication occurred:
                        • SYN flood attacks to a regularly used port, or protocol violations
                        • Access to an unused port (port scanning, etc.)