OpenTP1 Version 7 Operation
An auditing policy that utilizes audit logs requires that you retain all the audit logs produced by the system. For this reason, backups must be taken of any audit log files deleted in the course of file rotation, and measures such as stopping the system must be put in place in case audit log acquisition fails. We recommend that these tasks be carried out automatically by using an operation management program such as JP1. By using JP1/NETM/Audit, audit logs located on multiple hosts can be automatically collected and centrally managed.
This section describes examples of working with audit logs by linking with an operation management program such as JP1.
When the destination file for audit log output is changed, a message reporting this fact is output to standard output and syslog. An operation management program such as JP1 can monitor for this message and back up files automatically when it appears.
The following figure shows the process of automatic audit log backup using an operation management program.
Figure 3-23 Flow of automatic audit log backup
An operation management program such as JP1 can monitor for messages that report failed attempts to output audit logs, and stop the system automatically if they appear.
The following figure shows the process of shutting down the system automatically when audit log output fails.
Figure 3-24 Flow of automatic system shutdown when audit log output fails
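The two monitoring rules above (back up on a file-switch message, stop on an output-failure message) can be sketched as follows. This is an added example, not code from this manual or from JP1. The message IDs are placeholders, and the `file=<path>` field naming the closed file and the decision to request a stop when a backup cannot be verified are assumptions of the example.

```python
import hashlib, re, shutil, tempfile
from pathlib import Path

# Placeholder message IDs (assumptions): substitute the IDs from the OpenTP1 message manual.
MSG_SWITCHED = "MSGID-AUDIT-SWITCHED"
MSG_FAILED = "MSGID-AUDIT-FAILED"
# Assumed layout: the switch message names the file that was just closed as file=<path>.
SWITCH_RE = re.compile(re.escape(MSG_SWITCHED) + r"\b.*?\bfile=(\S+)")

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def backup(src, backup_dir):
    """Copy a closed audit log file; verify the copy before reporting success."""
    src, backup_dir = Path(src), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    dest, n = backup_dir / src.name, 1
    while dest.exists():              # never overwrite an earlier backup
        dest, n = backup_dir / f"{src.name}.{n}", n + 1
    shutil.copy2(src, dest)
    if sha256(src) != sha256(dest):
        dest.unlink()
        raise OSError(f"backup of {src} failed verification")
    return dest

def process(lines, backup_dir):
    """Return (backed_up_paths, stop_requested) for a batch of syslog lines."""
    backed_up, stop = [], False
    for line in lines:
        if MSG_FAILED in line:
            stop = True               # audit trail incomplete: caller stops the system
        elif (m := SWITCH_RE.search(line)):
            try:
                backed_up.append(backup(m.group(1), backup_dir))
            except OSError:
                stop = True           # this example's policy: an unpreserved file is a gap too
    return backed_up, stop

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        closed = Path(d, "audit001.log")          # constructed sample file
        closed.write_text("constructed audit record\n")
        sample = [                                 # constructed syslog lines
            f"Jan 10 02:00:01 tp1host opentp1: {MSG_SWITCHED} destination changed file={closed}",
            "Jan 10 02:00:05 tp1host sshd[811]: session opened",
            f"Jan 10 02:07:42 tp1host opentp1: {MSG_FAILED} audit log output failed",
        ]
        print(process(sample, Path(d, "backup")))
```

The caller decides how to act on `stop_requested`; the example only reports it so that the shutdown step stays under the control of the operation management program.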
By using JP1/NETM/Audit as an operation management program, you can collect audit logs automatically and manage them centrally. This provides a simple way to retrieve and summarize audit logs gathered from multiple servers, and output the results. The following figure shows an example of the process of collecting and centrally managing audit logs using JP1/NETM/Audit.
Figure 3-25 Example of collecting and centrally managing audit logs using JP1/NETM/Audit
In this example, the audit logs output by a number of OpenTP1 servers to their respective disks are collected automatically by an audit log management server. The audit logs collected by the audit log management server are managed centrally as an audit log management database.
The following table shows the JP1 series products required to link with JP1/NETM/Audit.
Table 3-29 JP1 series products required for linkage with JP1/NETM/Audit
JP1 series product | Function | Location |
---|---|---|
JP1/NETM/Audit | Links with JP1/Base to collect the audit logs output by OpenTP1 servers. Also centrally manages the audit logs it collects as a database on an audit log management server. | Audit log management server |
JP1/Base | Sends and receives the output audit logs as JP1 events. | |
The automatic collection of audit logs can take place at the following times:
The setup required on the OpenTP1 servers and the audit log management server is as follows:
For details about the collection and centralized management of audit logs by JP1/NETM/Audit, see the manual for JP1/NETM/Audit.
All Rights Reserved. Copyright (C) 2006, 2010, Hitachi, Ltd.