Audit logging is intended to provide a record of all activities, so that:
Checks for suspicious activity can be performed periodically.
The scope of suspicious activity can be determined.
Audit logs are especially important for financial institutions that are monitored by regulators.
Audit information on VNX for block systems is contained within the event log on each SP. The log contains hardware and software diagnostic information as well as audit information. It contains a time-stamped record for each event, and each record contains the following information:
Event code
Description of event
Name of the storage system
Name of the corresponding SP
Hostname associated with the SP
The storage management server adds audit records to the event log. An audit record is created each time a user logs in, enters a request through Unisphere, or executes a Secure CLI command. Each audit record is time-stamped, and identifies the following additional information for each request:
Requestor (Unisphere username)
Type of request
Target of request
Success or failure of request
The storage management server also restricts the ability to clear the audit log to administrators and security administrators only. Whenever the log is cleared by an authorized user, an event is logged to the beginning of the new log. This prevents users from removing evidence of their actions.
All service actions that the RemotelyAnywhere tool performs are also logged. These include logins/logouts, failed logins, file transfers, file modifications, and SP reboots.
SP event logs on VNX for block systems can store only a fixed number of events and will wrap if that limit is exceeded. This may take days, weeks, months, or years depending on the logging activity. Therefore, if the security requirement is to keep all logs for a set period of time, you will need to archive the logs from the VNX for block system on a regular basis. You can do this with the CLI getlog command, but a much more integrated method is to use the log to system log option of the Event Monitor template to log events to the Windows system log. You can then archive these logs as required.
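The following added example (not part of the original documentation or of any EMC tooling) shows one way to check that periodic archive runs are frequent enough to stay ahead of log wrap: each new snapshot of the SP log must overlap what is already archived. The record tuple layout, the function names, and all sample values are assumptions constructed for illustration and do not represent real getlog output.

```python
from datetime import datetime

# Constructed sample records using the fields this page lists:
# (timestamp, event code, description, storage system, SP, hostname).
# The tuple layout and every value are assumptions, not real getlog output.
def _rec(ts, code, desc):
    return (ts, code, desc, "array01", "SP A", "spa.example.test")

R = [_rec(f"2024-05-0{d}T09:00:00", f"CODE-{d}", f"constructed event {d}")
     for d in range(1, 8)]
SNAP1 = R[0:3]   # first archive run
SNAP2 = R[2:4]   # overlaps SNAP1 on R[2]: nothing was lost
SNAP3 = R[5:7]   # R[4] wrapped out of the SP log before this run

def _ts(record):
    return datetime.fromisoformat(record[0])

def merge_snapshot(archive, snapshot):
    """Fold a newly pulled SP log snapshot into the long-term archive.

    Returns (merged, gap). gap is None when the snapshot shares at least one
    record with the archive. Otherwise it is (newest archived timestamp,
    oldest snapshot timestamp): the window in which events may have wrapped
    out of the log. A cleared log also produces no overlap; in that case the
    new log begins with the clear event.
    """
    snapshot = sorted(snapshot, key=_ts)
    if not archive or not snapshot:
        return sorted(list(archive) + snapshot, key=_ts), None
    seen = set(archive)
    fresh = [r for r in snapshot if r not in seen]
    gap = None
    if len(fresh) == len(snapshot):          # no overlap with what we hold
        gap = (_ts(archive[-1]), _ts(snapshot[0]))
    return sorted(list(archive) + fresh, key=_ts), gap

def archive_all(snapshots):
    """Merge snapshots in order and collect every detected gap."""
    archive, gaps = [], []
    for snap in snapshots:
        archive, gap = merge_snapshot(archive, snap)
        if gap:
            gaps.append(gap)
    return archive, gaps

if __name__ == "__main__":
    archive, gaps = archive_all([SNAP1, SNAP2, SNAP3])
    print(len(archive), "events archived")
    for start, end in gaps:
        print("possible loss between", start, "and", end)
```

A reported gap means the archive interval should be shortened, or the no-overlap run should be checked for a log-clear event at the start of the new log.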