HP Hitachi Dynamic Link Manager Software User Manual

2. HDLM Functions

43

The categories of audit log data that can be collected differ depending on the product.

The following sections explain only the categories of audit log data that can be

collected by HDLM. For the categories of audit log data that can be collected by a

product other than HDLM, see the corresponding product manual.

2.12.1 Categories and Audit Events that HDLM Can Output to the

Audit Log

The following table lists and explains the categories and audit events that HDLM can

output to the audit log. The severity is also indicated for each audit event.

ContentAccess

An event indicating that an attempt to access critical data has succeeded or
failed, including:

• Access to a critical file on a NAS or content access when HTTP is

supported

• Access to the audit log file

ConfigurationAccess

An event indicating that a permitted operation performed by the administrator

has terminated normally or failed, including:

• Viewing or updating configuration information
• Updating account settings, such as adding and deleting accounts
• Setting up security
• Viewing or updating audit log settings

Maintenance

An event indicating that a maintenance operation has terminated normally or

failed, including:

• Adding or removing hardware components
• Adding or removing software components

AnomalyEvent

An event indicating an abnormal state such as exceeding a threshold,

including:

• Exceeding a network traffic threshold
• Exceeding a CPU load threshold
• Reporting that the temporary audit log data saved internally is close to its

maximum size limit or that the audit log files have wrapped back around

to the beginning

An event indicating an occurrence of abnormal communication, including:

• A SYN flood attack or protocol violation for a normally used port
• Access to an unused port (such as port scanning)

Category

Explanation