
17 Audit Trail Management

With the WANdisco Security Agent, every CVS access by a user, whether allowed or denied, is logged in an audit trail file. This text file holds a complete history of all CVS actions in the following format:

# Column syntax -
# 0 seq | 1 time | 2 txid | 3 cmd | 4 user | 5 ipaddress | 6 access | 
#                                     7 dir | 8 file | 9 rev | 10 branch

The columns are described below:

Column Number   Description
0               Record Sequence Number
1               UNIX Timestamp
2               Transaction Id
3               CVS Command Name
4               CVS User id
5               IP Address of User
6               Access Decision (Allow or Deny)
7               CVS Directory being accessed
8               CVS File being accessed
9               User's File Revision
10              Branch Name
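The following is an added example, not part of the WANdisco tooling: a small parser for the column layout above that counts denied accesses per user and reports gaps in the record sequence numbers. It assumes fields are separated by `|`, that comment lines start with `#`, and that the access column holds the literal text Allow or Deny; the sample records are constructed.

```python
from collections import Counter
from datetime import datetime, timezone

FIELDS = ["seq", "time", "txid", "cmd", "user", "ipaddress",
          "access", "dir", "file", "rev", "branch"]

# Constructed sample records (not real agent output); '|' delimiter is assumed.
SAMPLE = """\
# 0 seq | 1 time | 2 txid | 3 cmd | 4 user | 5 ipaddress | 6 access | 7 dir | 8 file | 9 rev | 10 branch
101|1136073600|tx-1|checkout|alice|192.0.2.10|Allow|proj/src|main.c|1.4|HEAD
102|1136073660|tx-2|commit|bob|192.0.2.11|Deny|proj/release|build.xml|1.9|REL_1
104|1136073720|tx-3|commit|bob|192.0.2.11|Deny|proj/release|build.xml|1.9|REL_1
bad line without enough columns
"""

def parse_audit(text):
    """Return (records, rejected_lines); comment and blank lines are skipped."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cols = [c.strip() for c in line.split("|")]
        # Reject rather than guess: wrong column count or non-numeric seq/time.
        if len(cols) != len(FIELDS) or not (cols[0].isdecimal() and cols[1].isdecimal()):
            rejected.append(line)
            continue
        rec = dict(zip(FIELDS, cols))
        rec["seq"] = int(rec["seq"])
        rec["time"] = datetime.fromtimestamp(int(rec["time"]), tz=timezone.utc)
        records.append(rec)
    return records, rejected

def sequence_gaps(records):
    """Inclusive ranges of sequence numbers missing between consecutive records."""
    seqs = sorted(r["seq"] for r in records)
    return [(a + 1, b - 1) for a, b in zip(seqs, seqs[1:]) if b - a > 1]

def denied_by_user(records):
    """Count Deny decisions per (user, ipaddress) pair."""
    return Counter((r["user"], r["ipaddress"]) for r in records
                   if r["access"].lower() == "deny")

if __name__ == "__main__":
    recs, bad = parse_audit(SAMPLE)
    print("gaps:", sequence_gaps(recs), "rejected:", len(bad))
    for (user, ip), n in denied_by_user(recs).items():
        print(f"{user}@{ip}: {n} denied")
```

A reported gap means records are absent from the files that were read, for example because a rotated file was recycled before it was collected.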

17.1 Configuring Audit properties

The audit trail files are created under the cvs-security/audit directory. By default they are automatically rotated up to 10 times when they reach 10 MBytes. These defaults can be changed in the config/prefs.xml file:

<Audit>
  <MaxFileSize>10485760</MaxFileSize>
  <MaxFileCount>10</MaxFileCount>
  <Disable>false</Disable>
</Audit>

MaxFileSize specifies a size in bytes, and MaxFileCount specifies how many files to rotate through before the files are recycled. Auditing is enabled by default in the WANdisco Security Agent; it can be turned off by setting Disable to true. To ensure no audit records are lost, schedule a job (using cron, for example) to import the audit records into a SQL database periodically. Importing into a SQL database also allows complex SQL queries to be run against the audit data.

To create audit files in a different directory, create a symbolic link (cvs-security/audit) to another directory.

17.2 Importing to a SQL Database

The WANdisco Security Agent bundles a tool, importauditdb, that imports the audit records in audit-trail files into a SQL database. The usage of the import command is shown below:

[admin@smp1 ~/cvs-security]$ bin/importauditdb -h
Usage: 
  importauditdb [-host <db-host>] [-port <db-port>] [-user <db user>]
                [-pass <db user password>] [-db <database to use>]
                -f file-pattern1 file-pattern2 .. file-pattern-N
  Defaults:

  host : localhost
  port : Default DB Port
  user : root
  password :  empty
  Database :  wd_audit_db

The import tool requires the Perl::DBI module to be installed. Run Security_Agent_root/bin/checkdbi to check that the module is installed and that the correct database driver is available on your system.

Note: Before using the import tool you must create a database (default name is wd_audit_db) on the database server. The import tool automatically creates the table schema in that database the first time it runs. The import tool uses standard SQL syntax, but it also makes use of the system function FROM_UNIXTIME, so ensure your database version supports it. MySQL and Microsoft SQLServer support this function.