pandorafms/pandora_console/help/en/chap6.php

<?php

// Pandora - the Free monitoring system
// ====================================
// Copyright (c) 2004-2006 Sancho Lerena, slerena@gmail.com
// Copyright (c) 2005-2006 Artica Soluciones Tecnol<6F>gicas S.L, info@artica.es
// Copyright (c) 2004-2006 Raul Mateos Martin, raulofpandora@gmail.com
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.


?>
<html>
<head>
<title>Pandora - The Free Monitoring System Help - VI. System Audit</title>
<link rel="stylesheet" href="../../include/styles/pandora.css" type="text/css">
<style>
div.logo {float:left;}
div.toc {padding-left: 200px;}
div.rayah {border-top: 1px solid #708090; width: 100%;}
div.rayah2 {clear:both; border-top: 1px solid #708090; width: 100%; padding-bottom: 35px;}
</style>
</head>

<body>
<div class='logo'>
<img src="../../images/logo_menu.gif" alt='logo'><h1>Pandora Help v1.2</h1>
</div>
<div class="toc">
<h1><a href="chap5.php">5. Events</a> <EFBFBD> <a href="toc.php">Table of Contents</a> <EFBFBD> <a href="chap7.php">7. Pandora Servers</a></h1>

</div>
<div class="rayah2"></div>

<a name="6"><h1>6. System audit</h1></a>

<p>The Pandora's system audit shows all the actions performed by each user, as well as the failed logins.</p>

<p>In the actual version of Pandora the system
audit includes actions that somehow try to by pass the security system:
attempts to delete an incident by an unauthorised user, attemps to change user
profiles by unauthoried users, etc. Its main function is, however, to trace the
user connections (login/logout).</p>

<p>The audit Logs can be found in the System Audit option of the Administration menu, ordered chronologicly.</p>

<p>Filters can be applied to the Logs displayed to show only those of interest for the user, selected by the action the Log produces.</p>

<p>The selectable actions are those actions stored in the Data Base at that time.</p>

<p class="center"><img src="images/image049.png"></p>

<p>The following fields display the Audit Logs information:</p>

<p><b>User:</b> User that triggerd the event (SYSTEM isspecial user of the system).</p>
<p><b>Action:</b> Action generated by the entry in the log.</p>
<p><b>Date:</b> Date of the entry in the log.</p>
<p><b>Source IP:</b> IP of the machine or the agent that provoked the entry.</p>
<p><b>Comment:</b> Comment describing the entry</p>

<h2><a name="61">6.1. Statistics</a></h2>

<p>There isn't a special section to view system audit statistics. However, we could use a graph generated in the Users section to evaluate the actions of each user, as this graph would represent the total
number of entries in the audit log for each one: the more active the user is the higher the number of entries.</p>

<p>The graph will also show entries of invalid users, i.e., those entries generated by failed attemps to log in.</p>

<p class="center"><img src="images/image050.png"></p>

<div class="rayah">
<p align='right'>Pandora FMS is Free Software Project, licensed under GPL terms.<br> &copy; Sancho Lerena 2003-2006, David villanueva 2004-2006, Alex Arnal 2005, Ra&uacute;l Mateos 2004-2006.</p>
</div>
</body>
</html>