7 audit administration, Audit administration 2–61, Table 2-12 – FUJITSU SPARC M4000 User Manual
Page 117: Audi, Section 2.2.7, “audit administration, Collecting audit data
Chapter 2 Setting Up XSCF
2-61
2.2.7
Audit Administration
Audit administration is used to specify logging of access details, such as which users
logged in to XSCF, their login times, and the operations that they executed. In the
server, the default access audit setting is enabled. The main audit settings include
the access audit enable/disable setting (see
) and audit trail management
method (see
Collecting Audit Data
The server controls the audit module of XSCF firmware to provide an audit trail.
When related event information is obtained, the XSCF firmware collects audit
information as follows:
1. Audit event data is logged in the form of audit records (see
2. The audit records are stored in order by date in the local audit files of the XSCF
firmware (see
).
3. The audit files are linked and become an audit trail (see
4. Audit records are thus kept as an audit trail so that the user can refer to the Audit
trail (see viewaudit (8) ).
lists terms used in audit administration.
TABLE 2-12
Audit Administration Terms
Term
Description
Audit
Function for auditing system access. It is also called auditing.
Audit event
Security-related system action that can be audited.
Multiple audit events can be specified with values or names.
(Example: AEV_LOGIN_SSH, LOGIN_SSH, 0, all)
Audit class
Group of audit events related to one another.
(Example: Audit events in the login audit class: SSH login, telnet login, https login,
logout) Multiple audit classes can be specified. (Example: ACS_AUDIT, AUDIT, 2, all)
Audit record
One audit record is information specifying one audit event. An audit record contains
an event, the event time, and other related information.
Audit records are stored in audit files.
Audit file
This is also called an audit log file. One audit file (log file) contains multiple audit
records.