86 lines
2.4 KiB
XML
86 lines
2.4 KiB
XML
<?xml version="1.0" encoding="ISO-8859-15"?>
|
|
|
|
<chapter id="chapter6">
|
|
<title>System audit</title>
|
|
|
|
<para>
|
|
The Pandora's system audit shows all the actions performed by each
|
|
user, as well as the failed logins.
|
|
</para>
|
|
|
|
<para>
|
|
The system audit includes actions that somehow try to by pass the
|
|
security system: attempts to delete an incident by an unauthorized
|
|
user, attempts to change user profiles by unauthorized users, etc.
|
|
Its main function is, however, to trace the user connections
|
|
(login/logout).
|
|
</para>
|
|
|
|
<para>
|
|
The audit Logs can be found in the "System Audit Log" option of the
|
|
Administration menu, ordered chronologicly.
|
|
</para>
|
|
|
|
<para>
|
|
Filters can be applied to the Logs displayed to show only those of
|
|
interest for the user, selected by the action the Log produces.
|
|
</para>
|
|
|
|
<para>
|
|
The selectable actions are those actions stored in the Data Base
|
|
at that time.
|
|
</para>
|
|
|
|
<graphic scale='70' fileref="images/image049.png" valign="bottom"
|
|
align="center"/>
|
|
|
|
<para>
|
|
The following fields display the Audit Logs information:
|
|
</para>
|
|
<para>
|
|
<emphasis>User:</emphasis> User that triggerd the event (SYSTEM
|
|
is special user of the system).
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>Action:</emphasis> Action generated by the entry in
|
|
the log.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>Date:</emphasis> Date of the entry in the log.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>Source IP:</emphasis> IP of the machine or the agent
|
|
that provoked the entry.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>Comment:</emphasis> Comment describing the entry
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<sect1 id="sec6.1">
|
|
<title>Statistics</title>
|
|
<para>
|
|
There isn't a special section to view system audit
|
|
statistics. However, we could use a graph generated in the Users
|
|
section to evaluate the actions of each user, as this graph
|
|
would represent the total number of entries in the audit log for
|
|
each one: the more active the user is the higher the number of
|
|
entries.
|
|
</para>
|
|
<para>
|
|
The graph will also show entries of invalid users, i.e., those
|
|
entries generated by failed attemps to log in.
|
|
</para>
|
|
<graphic fileref="images/image050.png" valign="bottom"
|
|
align="center"/>
|
|
</sect1>
|
|
</chapter>
|