pandorafms/pandora_doc/en/pandora_chapter6.xml

<?xml version="1.0" encoding="ISO-8859-15"?> 

<chapter id="chapter6">
	<title>System audit</title>

	<para>The Pandora's system audit shows all the actions performed by each user, as well as the failed logins.</para>

	<para>In the actual version of Pandora the system
	audit includes actions that somehow try to by pass the security system:
	attempts to delete an incident by an unauthorised user, attemps to change user
	profiles by unauthoried users, etc. Its main function is, however, to trace the
	user connections (login/logout).</para>

	<para>The audit Logs can be found in the System Audit option of the Administration menu, ordered chronologicly.</para>

	<para>Filters can be applied to the Logs displayed to show only those of interest for the user, selected by the action the Log produces.</para>

	<para>The selectable actions are those actions stored in the Data Base at that time.</para>

	<graphic fileref="images/image049.png" valign="bottom" align="center"/>

	<para>The following fields display the Audit Logs information:</para>

	<para><emphasis>User:</emphasis> User that triggerd the event (SYSTEM isspecial user of the system).</para>
	<para><emphasis>Action:</emphasis> Action generated by the entry in the log.</para>
	<para><emphasis>Date:</emphasis> Date of the entry in the log.</para>
	<para><emphasis>Source IP:</emphasis> IP of the machine or the agent that provoked the entry.</para>
	<para><emphasis>Comment:</emphasis> Comment describing the entry</para>

	<sect1 id="sec6.1">
		<title>Statistics</title>

		<para>There isn't a special section to view system audit statistics. However, we could use a graph generated in the Users section to evaluate the actions of each user, as this graph would represent the total
		number of entries in the audit log for each one: the more active the user is the higher the number of entries.</para>

		<para>The graph will also show entries of invalid users, i.e., those entries generated by failed attemps to log in.</para>

		<graphic fileref="images/image050.png" valign="bottom" align="center"/>
	</sect1>
</chapter>
2006-09-11 Raul Mateos <raulofpandora@gmail.com> * New pandora_doc directory for documents in docbook format. Very Beta :-D git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@160 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2006-09-11 19:44:04 +02:00			`<?xml version="1.0" encoding="ISO-8859-15"?>`

2006-09-13 Raul Mateos <raulofpandora@gmail.com> * New pandora_doc/en/images/ files * Updated pandora_doc/en/pandora_chapter 1 to 9.xml git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@169 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2006-09-13 17:48:45 +02:00			`<chapter id="chapter6">`
2006-09-11 Raul Mateos <raulofpandora@gmail.com> * New pandora_doc directory for documents in docbook format. Very Beta :-D git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@160 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2006-09-11 19:44:04 +02:00			`<title>System audit</title>`

			`<para>The Pandora's system audit shows all the actions performed by each user, as well as the failed logins.</para>`

			`<para>In the actual version of Pandora the system`
			`audit includes actions that somehow try to by pass the security system:`
			`attempts to delete an incident by an unauthorised user, attemps to change user`
			`profiles by unauthoried users, etc. Its main function is, however, to trace the`
			`user connections (login/logout).</para>`

			`<para>The audit Logs can be found in the System Audit option of the Administration menu, ordered chronologicly.</para>`

			`<para>Filters can be applied to the Logs displayed to show only those of interest for the user, selected by the action the Log produces.</para>`

			`<para>The selectable actions are those actions stored in the Data Base at that time.</para>`

			`<graphic fileref="images/image049.png" valign="bottom" align="center"/>`

			`<para>The following fields display the Audit Logs information:</para>`

2006-09-12 Raul Mateos <raulofpandora@gmail.com> * Updated pandora_chapter 3 to 9. * Updated pandora.xml git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@162 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2006-09-12 17:17:32 +02:00			`<para><emphasis>User:</emphasis> User that triggerd the event (SYSTEM isspecial user of the system).</para>`
			`<para><emphasis>Action:</emphasis> Action generated by the entry in the log.</para>`
			`<para><emphasis>Date:</emphasis> Date of the entry in the log.</para>`
			`<para><emphasis>Source IP:</emphasis> IP of the machine or the agent that provoked the entry.</para>`
			`<para><emphasis>Comment:</emphasis> Comment describing the entry</para>`
2006-09-11 Raul Mateos <raulofpandora@gmail.com> * New pandora_doc directory for documents in docbook format. Very Beta :-D git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@160 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2006-09-11 19:44:04 +02:00
2006-09-14 Raul Mateos <raulofpandora@gmail.com> * Updated id in pandora_doc/en/pandora_chapter[1-9].xml (!7) git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@170 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2006-09-14 13:52:24 +02:00			`<sect1 id="sec6.1">`
2006-09-11 Raul Mateos <raulofpandora@gmail.com> * New pandora_doc directory for documents in docbook format. Very Beta :-D git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@160 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2006-09-11 19:44:04 +02:00			`<title>Statistics</title>`

			`<para>There isn't a special section to view system audit statistics. However, we could use a graph generated in the Users section to evaluate the actions of each user, as this graph would represent the total`
			`number of entries in the audit log for each one: the more active the user is the higher the number of entries.</para>`

			`<para>The graph will also show entries of invalid users, i.e., those entries generated by failed attemps to log in.</para>`

			`<graphic fileref="images/image050.png" valign="bottom" align="center"/>`
			`</sect1>`
			`</chapter>`