5 1 0:Audit Logging
Overview
SEP sesam enables audit logging using its existing logging capabilities. SEP sesam REST API can be used to set an audit trail and generate audit logs that record activities performed in the SEP sesam GUI and Web UI.
- What is an audit log
An audit log is recorded evidence of each action triggered by a user, such as restoring and deleting a data store or setting an expiry date for a saveset. Each time a user performs an action in SEP sesam, the audit log displays the timestamp of the action, who performed it, and what it was.
- Why is audit logging important
Audit logs are important for any organization as they ensure compliance with standards and regulations (such as ISO 27001, PCI-DSS, HIPAA), ensure the integrity of data by providing complete records of data-related operations, and ensure that data has not been tampered with. Audit logs help increase security and accountability as well as keep the system stable. Additionally, as they keep track of all user activities, they enable reviewing user activity, tracking job modifications, and simplifying troubleshooting.
- How is audit trail generated in SEP sesam
With SEP sesam, you can generate audit logs using the existing logs. SEP sesam logs record detailed information about system activities, including user actions. These logs are stored in various files, such as sm_gui_server_requests.log. Relevant information needed for audit purposes, such as user activities, system events, and configuration changes, can be extracted from these logs and stored in a secure location. To ensure that the audit logs cannot be modified or deleted without authorization, external tools can be used to secure them and detect any unauthorized access or changes.
Generating audit logs
The sm_gui_server_requests.log is the main log file for recording user actions and system activities. Because it contains a lot of information, it can be difficult to find specific details such as user actions.
To make this information more accessible, you can use the Rythm Template Engine and create a more readable version of the log file. Rythm offers templates for filtering and formatting the data; however, it is complex and requires additional expertise. Alternatively, you can use other third-party tools to parse and filter log files and extract relevant audit information more efficiently. Once you have extracted the relevant information (e.g., user activities, system events, configuration changes), store it in a secure location to protect it from unauthorized access or modification.
The sm_gui_server_requests.log file is located in the server file system under gv_rw_prot.
Audit trail records can contain the following details:
- date and time
- API request for the executed action
- user associated with the activity
- user IP address
For example, the following entry shows that the restore task was deleted by the user Administrator.
021-02-03 10:55:08,592 - [GET] /sep/api/restoreTasks/rs_task01/forceRemove [User: Administrator, IP: 192.168.21.12:59111]
For more details on API calls, see Using SEP sesam REST API.
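The following Python sketch is an added example, not part of SEP sesam or its documentation. It parses entries in the layout of the sample above into audit records and keeps the state-changing ones. It assumes every entry follows that layout; the action list and all sample paths other than forceRemove are hypothetical. Filtering on the HTTP method alone would drop the sample entry, because forceRemove is sent as GET.

```python
import re
from datetime import datetime

# Layout of this page's sample: <ts> - [<METHOD>] <path> [User: <name>, IP: <addr>:<port>]
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - "
    r"\[(?P<method>[A-Z]+)\] (?P<path>\S+) "
    r"\[User: (?P<user>[^,\]]+), IP: (?P<ip>.+):(?P<port>\d+)\]\s*$"
)
# Assumption: actions that change state even when sent as GET. Only
# forceRemove appears on this page; extend it after reviewing your own log.
STATE_CHANGING_ACTIONS = {"forceRemove"}

def parse_line(line):
    """Return one record as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f")
    return rec

def is_audit_relevant(rec):
    """Keep non-GET requests, and GETs whose last path segment is a known action."""
    action = rec["path"].split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
    return rec["method"] != "GET" or action in STATE_CHANGING_ACTIONS

def extract_audit_trail(lines):
    """Return (audit records, unparsed lines); unparsed lines are kept for review."""
    records, unparsed = [], []
    for line in filter(str.strip, lines):
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        elif is_audit_relevant(rec):
            records.append(rec)
    return records, unparsed

# Constructed sample input; paths other than forceRemove are hypothetical.
SAMPLE = [
    "2021-02-03 10:54:51,120 - [GET] /sep/api/restoreTasks [User: Administrator, IP: 192.168.21.12:59111]",
    "2021-02-03 10:55:08,592 - [GET] /sep/api/restoreTasks/rs_task01/forceRemove [User: Administrator, IP: 192.168.21.12:59111]",
    "2021-02-03 10:56:40,007 - [POST] /sep/api/example/update [User: operator1, IP: 192.168.21.30:40122]",
    "2021-02-03 10:57:02 truncated line without request details",
]

if __name__ == "__main__":
    for r in extract_audit_trail(SAMPLE)[0]:
        print(r["ts"].isoformat(), r["user"], r["ip"], r["method"], r["path"])
```

Lines that do not match are returned separately instead of being dropped, so a format change or a truncated entry shows up as a gap to investigate rather than as a silently shorter audit trail.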
Recommendations for ensuring log integrity
To ensure audit logs are retained for an appropriate period of time, set the retention period for SEP sesam log files. In the GUI menu bar, click Configuration -> Defaults -> Retention Periods, and then edit the retention period for log files (default is 7 days).
To maintain the integrity of your audit logs, consider the following:
- Regularly back up your log files to a secure, off-site location to prevent data loss.
- Restrict access to log files to authorized personnel only.
- Use monitoring tools to detect any unauthorized access or changes to the log files. This will help ensure that any tampering attempts are quickly identified and addressed.
See also
Using SEP sesam REST API – SEP sesam Logging