6.1 Audit Settings

Use this page to control the rollover of the audit database files. The default configuration does not encrypt or roll over the audit databases. If your security model requires you to keep audit records available for years, you need to configure the rollover options and move the rolled-over files to an archive location.

  1. Click Reporting on the home page of the console.

  2. Click Audit Settings in the task pane.

  3. For each audit database file, set the rollover parameters. Rolled-over databases are kept as SQLite databases.

    Time (hours): Specify the time interval for rolling over the audit file. If the time interval is always reached before the maximum size is reached, the time interval is used for rollover and the size restriction is ignored.

    Size (MB): Specify the maximum size the file can reach before the audit file is rolled over. If the file always reaches the maximum size before the time interval is reached, the size restriction is used for rollover and the time interval is ignored.

    Protection: Select none to allow the rollover file to be an unencrypted file or select encrypted to encrypt the audit database.

    Encrypting the file can impact performance of your audit managers. Also, the encrypted file can be decrypted by the Framework Console, but it cannot be displayed on new systems that do not know the encryption keys.

    To configure the encryption keys, click Reporting > Encryption settings.

  4. If you want to zip the rollover files or move them to another location, use the Rollover Script option to specify a Perl script that can perform these tasks. The script is called whenever an audit database is rolled over.

    For example, the following script uses gzip to compress the rolled-over file and enters an error message in the unifid.log file.

    if ($DBGRP eq 'cmdctrl') {
    system("gzip $AUDIT_FILE");
    $ctx->log_error("Audit rollover $DBGRP $AUDIT_FILE");
    } 
    
  5. Click Finish.