4.6 Managing Audit Zones

Audit zones are logical groups of audit managers, agents for Privileged Account Manager, and managers for Privileged Account Manager. You can configure an audit zone for each of your domains. An audit zone contains the audit managers to which hosts send their audit data. For example, if you configure the audit zone ‘AZDOM1’ for domain1, all the hosts in domain1 send their audit data to the audit managers of AZDOM1. The advantage of configuring an audit zone for your domain is that its audit data is sent only to the audit managers of your domain. This helps restrict who can receive the audit data of your domain, in geographical and organizational terms. It also avoids sending a huge amount of data to all the audit managers.

By default, the audit zone of all domains, agents for Privileged Account Manager, and managers is audit zone 0. This means that audit data is sent to all the audit managers. You can configure audit zones for domains, each with one or more audit managers. If you have not configured an audit zone for your domain, the audit data of your domain is sent to the audit managers of audit zone 0.

IMPORTANT: There should be at least one audit manager in audit zone 0 at all times. This is necessary because, if there are no audit managers in the audit zone of a domain, the audit data of that domain is sent to audit zone 0. This prevents the loss of audit data.

If you move a host or a sub-domain from one domain to another, the audit zone of that host or sub-domain automatically changes to the audit zone of the domain to which it is moved.

If the audit managers of your audit zone are down, audit data is not sent to the audit managers of audit zone 0. Instead, audit data accumulates in the agent for Privileged Account Manager and is sent to the audit managers of your audit zone when they are up again.

If you move an agent host that is an audit manager from one domain to another during a session, the audit data of that session is still sent to that audit manager. This avoids loss of audit data. Any new session data is sent to audit managers according to the new settings.

Here are a few recommendations for configuring audit zones:

  • Each audit zone should have more than one audit manager.

  • If you have enabled video off-loading, ensure that each audit zone has one video off-loading agent.

  • Start using the Audit Zones feature only after you have upgraded all your agents for Privileged Account Manager and managers to version 3.0.
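The routing rules and recommendations above can be modelled as a pre-deployment check. This is an added Python example, not part of Privileged Account Manager or its documentation. The inventory dictionaries, host names, and the functions route and lint are hypothetical, and the "unroutable" outcome is a modelling choice for a state the text says must not occur.

```python
# Added illustration: the data model and names are hypothetical, not a PAM API.
DEFAULT_ZONE = 0

def route(domain, domain_zone, zone_managers, up):
    """Decide where a host in `domain` sends its audit data."""
    zone = domain_zone.get(domain, DEFAULT_ZONE)      # unconfigured domain -> zone 0
    managers = zone_managers.get(zone, [])
    if not managers:                                  # zone has no audit managers
        zone = DEFAULT_ZONE
        managers = zone_managers.get(DEFAULT_ZONE, [])
    if not managers:
        # Not a documented state: zone 0 must always hold an audit manager.
        return ("unroutable", zone, [])
    live = [m for m in managers if m in up]
    if live:
        return ("send", zone, live)
    # Managers exist but are down: the agent accumulates the data and does
    # NOT fall back to zone 0.
    return ("buffer_on_agent", zone, [])

def lint(zone_managers, video_agents, versions, video_offload=True):
    """Return findings where an inventory breaks the recommendations."""
    findings = []
    if not zone_managers.get(DEFAULT_ZONE):
        findings.append("zone 0: no audit manager (risk of audit data loss)")
    for zone, managers in zone_managers.items():
        if len(managers) < 2:
            findings.append(f"zone {zone}: fewer than two audit managers")
        if video_offload and not video_agents.get(zone):
            findings.append(f"zone {zone}: no video off-loading agent")
    for host, version in versions.items():
        if version < (3, 0):
            findings.append(f"{host}: version below 3.0")
    return findings

if __name__ == "__main__":
    # Constructed sample inventory.
    domain_zone = {"domain1": "AZDOM1", "domain2": "AZDOM2"}
    zone_managers = {0: ["am-core1"], "AZDOM1": ["am-d1a", "am-d1b"], "AZDOM2": []}
    up = {"am-core1"}                                 # both AZDOM1 managers are down
    for d in ("domain1", "domain2", "domain3"):
        print(d, route(d, domain_zone, zone_managers, up))
    for f in lint(zone_managers, {0: ["va-core"]}, {"am-d1a": (2, 4)}):
        print("FINDING:", f)
```

With the sample inventory, domain1 buffers on the agent because its own managers are down, while domain2 (empty zone) and domain3 (no zone configured) both send to zone 0.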

To view the audit zone configuration information:

  1. On the home page of the console, click Hosts.

  2. In the navigation pane, select Hosts.

  3. Click Audit Zones Configurations in the task pane.

  4. Audit zone information is displayed, as shown in the following table.

    Audit Zones       Name of the audit zone.

    Audit Managers    Audit managers that belong to the audit zone.

    Domains           Sub-domains that are in the domain.

  5. Click Close to go back to the Hosts home page.