4.4.3 Beefalo: Audit Logging


Copyright © SEP AG 1999-2022. All rights reserved.

Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.

WORK IN PROGRESS
This page is a draft. Treat the information on this page with caution as it may be incomplete.


Welcome to the latest SEP sesam documentation version 4.4.3 Beefalo/5.0.0 Jaglion. For previous documentation version(s), check Documentation archive.


Overview

SEP sesam supports audit logging based on sm_gui_server_requests.log.

You can generate audit logs (set audit trail) to record activities performed in the SEP sesam GUI and Web UI (via the SEP sesam REST API).

What is an audit log
  • The audit log is recorded evidence of each action triggered by a user, such as restoring and deleting a data store or setting an expiry date for a saveset.
  • Each time a user performs an action in SEP sesam, the audit log displays the timestamp of the action, who performed it, and what it was.
Why is audit logging important

Audit logs are important for any organisation as they ensure compliance with standards and regulations (such as ISO 27001, PCI-DSS, HIPAA ...), ensure the integrity of data by providing a complete track record of data-related operations, and ensure that data has not been tampered with. Audit logs help increase security and accountability as well as keep the system stable. Additionally, as they keep track of all user activities, they make it possible to review user activity and track job modifications, and they simplify troubleshooting.

How is the audit trail protected

With SEP sesam, audit trail data is securely stored, access to it is controlled (only the admin/root user can access the audit log), and logs cannot be edited (read-only) or manually deleted. Audit logs are deleted automatically after the retention period. The retention period for audit logs is set in the Retention Periods window: in the menu bar, click Configuration -> Defaults -> Retention Periods -> edit the value for preserving SEP sesam log files (default is 7 days).

Generating audit logs

It is possible to use the sm_gui_server_requests.log as an audit log, but it contains a lot of information, which makes it difficult to find specific information (such as user actions).

To obtain more specific information about user actions, you can generate a more readable version of the log file sm_gui_server_requests.log as an audit log. One way to do this is to use the Rythm template engine (note that this is complex and requires expertise) or use other third-party tools.

The sm_gui_server_requests.log file is located in the server file system under gv_rw_prot.

Audit trail records can contain the following details:

  • date and time
  • API request for the executed action
  • user associated with the activity
  • user IP address

The following example shows that the restore task was deleted by the user Administrator.

2021-02-03 10:55:08,592 - [GET] /sep/api/restoreTasks/rs_task01/forceRemove [User: Administrator, IP: 192.168.21.12:59111]

For more details on API calls, see Using SEP sesam REST API.
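One way to reduce sm_gui_server_requests.log to the audit details listed above, as an added example that is not SEP sesam code and does not use Rythm. The line layout is inferred from the single sample on this page, the names parse_line and audit_trail are hypothetical, and forceRemove is the only action name the page provides, so extend the list from the REST API documentation.

```python
import re
from datetime import datetime

# Layout inferred from the one sample line on the page; anything else is
# reported as skipped, not guessed at.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - "
    r"\[(?P<method>[A-Z]+)\] (?P<path>\S+) "
    r"\[User: (?P<user>[^,\]]+), IP: (?P<ip>[^\]]+)\]\s*$"
)

def parse_line(line):
    """Return one audit record as a dict, or None if the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    host, sep, port = m["ip"].rpartition(":")  # the sample logs "address:port"
    if not (sep and port.isdigit()):
        host, port = m["ip"], None
    return {
        "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f"),
        "method": m["method"], "path": m["path"],
        "action": m["path"].rstrip("/").rsplit("/", 1)[-1],
        "user": m["user"].strip(),
        "ip": host, "port": int(port) if port else None,
    }

def audit_trail(lines, actions=("forceRemove",)):
    # Select on the last path segment, not the HTTP method: in the page's
    # example a GET request removes a restore task.
    records, skipped = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        elif rec["action"] in actions:
            records.append(rec)
    return records, skipped

# Constructed sample lines in the layout of the page's example.
SAMPLE = [
    "2021-02-03 10:55:08,592 - [GET] /sep/api/restoreTasks/rs_task01/forceRemove [User: Administrator, IP: 192.168.21.12:59111]",
    "2021-02-03 10:55:09,101 - [GET] /sep/api/restoreTasks [User: Administrator, IP: 192.168.21.12:59111]",
    "java.lang.IllegalStateException: constructed noise line",
]

if __name__ == "__main__":
    records, skipped = audit_trail(SAMPLE)
    print(records, f"skipped={skipped}")
```

The skipped count is returned so that a reviewer can see how much of the file fell outside the expected layout instead of assuming full coverage.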

See also

  • Using SEP sesam REST API
  • SEP sesam Logging