12.8.3 Environment settings for linking the audit trail facility with JP1/Audit

This subsection explains the environment settings for linking the audit trail facility with JP1/Audit.

To link the audit trail facility with JP1/Audit, you must specify the environment settings for both the HADB server and JP1/Audit.

Organization of this subsection

(1) Environment settings for the HADB server
(2) Environment settings for JP1/Audit

(1) Environment settings for the HADB server

As an environment setting for the HADB server, you must prepare the output-directory for common format audit trails.

The following provides notes on creating the output-directory for common format audit trails:

Create the output-directory for common format audit trails on a disk that has at least 4 gigabytes of free space. The following files are stored in the output-directory for common format audit trails:
- Common format audit trail files (adbcommonauditXX.log)
  
  Audit trail information converted by the adbconvertaudittrailfile command is output to these files. A maximum of four files are stored. The XX part in the file name is a sequential number in the range from 01 to 04.
  
  The maximum total size of four common format audit trail files is 2 gigabytes. However, when old common format audit trail files are switched to new ones, the data in the old and new files might temporarily coexist. For this reason, you must prepare a disk that has at least 4 gigabytes of free space.
- Management file for common format audit trails (.adbcommonaudit)
  
  This file is used to manage the common format audit trail files. Only one file is stored.
Note

For details about switching the common format audit trail file, see adbconvertaudittrailfile (Convert the Audit Trail File) in the manual HADB Command Reference.
The length of the full path of the output-directory for common format audit trails must be within 239 bytes including the slash (/) at the end of the path. If the length of the full path is 240 bytes or longer, JP1/Audit cannot set the path correctly.
Assign read, write, and execution permissions to the output-directory for common format audit trails so that the HADB administrator can access the directory.
You might want multiple HADB servers to operate on one server machine when, for example, you test operation. In such a case, prepare a separate output-directory for common format audit trails for each server environment. Multiple HADB servers must not share one output-directory for common format audit trails.

To Page Top

(2) Environment settings for JP1/Audit

JP1/Audit does not handle the HADB server as a program supported by default. Therefore, you must specify the following environment settings:

Set up the event service of JP1/Base.

For details, see (a) Setting up the event service of JP1/Base.
Prepare the definition file for normalization rules.

For details, see (b) Preparing the definition file for normalization rules.
Create the definition file for operational behavior.

For details, see (c) Creating the definition file for operational behavior.
Create the definition file for product behavior.

For details, see (d) Creating the definition file for product behavior.
Edit the definition file for audit-log standard reports.

For details, see (e) Editing the definition file for audit-log standard reports.
Specify the audit log collection target settings.

For details, see (f) Specifying the audit log collection target settings.

For details about how to specify these environment settings, see the JP1/Base User's Guide.

(a) Setting up the event service of JP1/Base

You must set up the event service of JP1/Base. Specify the size of the audit log event database with a proper value according to the number of audit trails output by the HADB server.

If you cannot estimate the number of audit trails converted by a single execution of the adbconvertaudittrailfile command, specify the maximum size of the audit log event database.

(b) Preparing the definition file for normalization rules

You do not need to newly define the contents of the definition file for normalization rules.

The audit trails output by the adbconvertaudittrailfile command to common format audit trail files conform to the common format for Hitachi open middleware products. Therefore, you can use the admrglrule_CALFHM.conf file, which is a standard file provided by JP1/Audit, as the common format definition file for normalization rules.

(c) Creating the definition file for operational behavior

Linkage with JP1/Audit uses the definition file for operational behavior. You must create this file. The creation procedure is as follows.

Procedure:

Copy the sample file for the definition file for operational behavior.

Copy the sample file (admjevlog_HADB.conf) that is stored in the $ADBDIR/sample/jp1audit directory under the server directory. Then, save the sample file (admjevlog_HADB.conf) in the JP1/Audit-Management-Manager-installation-folder\conf\logdef folder.
Confirm the settings in the sample file for the definition file for operational behavior.

You do not need to change the settings in the sample file. Confirm that the following settings are specified.

Settings:
```
retry-times=60
retry-interval=10
FILETYPE=SEQ2
ACTDEF =<Information>1000 "^CALFHM"
```

You might want multiple HADB servers to operate on one server machine when, for example, you test operation. In such a case, you must create the definition file for operational behavior in each server environment. To do so, rename the definition files for operational behavior in the admjevlog_HADB_string-of-your-choice.conf format so that each file name is unique. Note that the values of the string-of-your-choice parts in file names must be shared with the definition files for product behavior (described in (d) Creating the definition file for product behavior).

(d) Creating the definition file for product behavior

Linkage with JP1/Audit uses the definition file for product behavior. You must create this file. The creation procedure is as follows.

Procedure:

Copy the sample file for the definition file for product behavior.

Copy the sample file (HADB.conf) that is stored in the $ADBDIR/sample/jp1audit directory under the server directory. Then, save the sample file (HADB.conf) in the JP1/Audit-Management-Manager-installation-folder\conf\product folder.
Confirm the settings in the sample file for the definition file for product behavior.

You do not need to change the settings in the sample file. Confirm that the following settings are specified.

Settings:
```
AuditLogNum=4
AuditLogName=adbcommonaudit01.log
AuditLogName=adbcommonaudit02.log
AuditLogName=adbcommonaudit03.log
AuditLogName=adbcommonaudit04.log
RegularPattern=admrglrule_CALFHM.conf
ReadOnly=1
```

You might want multiple HADB servers to operate on one server machine when, for example, you test operation. In such a case, you must create the definition file for product behavior in each server environment. To do so, rename the definition files for product behavior in the HADB_string-of-your-choice.conf format so that each file name is unique. Note that the values of the string-of-your-choice parts in file names must be shared with the definition files for operational behavior (described in (c) Creating the definition file for operational behavior).

(e) Editing the definition file for audit-log standard reports

You must edit the definition file for audit-log standard reports. The following shows the procedure for editing the file.

Important: Normally, the definition file for audit-log reports is used for the audit trail information that JP1/Audit collected by using the definition file for normalization rules. However, the HADB server adopts the common format for Hitachi open middleware products. Therefore, you need to use the definition file for audit-log standard reports rather than the definition file for audit-log reports.

Procedure:

Add the following entries to the definition file for audit-log standard reports (admAnalysis.ini) stored in the JP1/Audit-Management-Manager-virtual-directory\conf folder.

Entries

[HADB]
TYPE=Common

Make sure that each line ends with a line break.

(f) Specifying the audit log collection target settings

You must specify the audit log collection target settings. Use the audit log collection manager of JP1/Audit to set the HADB server as the collection target.

The following shows the values that you need to specify in the Set Collection Target dialog box when setting the HADB server as the collection target.

Table 12‒8: Values to be specified in the audit log collection target settings
No.	Item	Value to be set
1	Server	Specify the host name of the HADB server.
2	Program	Select the item that corresponds to the name of the definition file for product behavior from the drop-down menu. For example, if the name of the definition file for product behavior is `HADB.conf`, select HADB. Note that an underscore (_) is replaced by a slash (/).
3	Log folder	Specify the full path name of the output-directory for common format audit trails prepared in (1) Environment settings for the HADB server.
4	Comment	Write a comment freely.
5	Start monitoring audit logs when the OS starts	You do not need to set this item.

Important: Before JP1/Audit can collect the audit trails in common format audit trail files, JP1/Audit must have started monitoring of audit logs. When you finish specifying the environment settings of JP1/Audit, always start monitoring of audit logs. We recommend that you specify the OS settings so that monitoring of audit logs starts when the OS starts.

To Page Top