4.4.3 Beefalo: Audit Logging

Copyright © SEP AG 1999-2020. All rights reserved.

Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.

WORK IN PROGRESS
This page is a draft. Treat the information on this page with caution as it may be incomplete.


Welcome to the latest SEP sesam documentation version 4.4.3 Beefalo/4.4.3 Beefalo V2. For previous documentation version(s), check Documentation archive.


Overview

SEP sesam supports audit logging (≥ SEP sesam v. 4.4.3 Beefalo) based on sm_gui_server_requests.log.

You can generate audit logs (set audit trail) to record performed activities in the SEP sesam GUI and Web UI (through the SEP sesam REST API).

What is an audit log

  • The audit log is recorded evidence of each action that was triggered by a user, such as a restore, deletion of a data store, or setting an expiry date for a saveset.
  • Each time a user performs an action in SEP sesam, the audit log displays the timestamp of the action, who performed it, and what it was.

Why is audit logging important

The audit trail is important for any organization for two reasons: compliance (it is required by standards and regulations, such as ISO 27001, PCI-DSS, HIPAA ...) and data integrity, because it provides a complete track record of the data-related operations and helps ensure that data has not been tampered with. Audit logs help increase security and accountability as well as keep the system stable. Additionally, because they keep track of all user activities, they make it possible to review user activity, track job modifications, and simplify troubleshooting.

How is the audit trail protected

With SEP sesam, the audit trail data is securely stored, access to it is controlled (only the admin/root user can access the audit log), and the logs are read-only: they cannot be edited or manually deleted. Audit logs are deleted automatically after the retention period. The time period for retaining audit records is defined in the Retention Periods window: in the menu bar, click Configuration -> Defaults -> Retention Periods and edit the value for preserving the SEP sesam log files (default is 7 days).

Generating audit logs

It is possible to use the sm_gui_server_requests.log as an audit log, but it contains a lot of information, which makes it difficult to find specific entries (such as user actions).

To obtain more specific information about the user actions, you can generate a more readable version of the log file sm_gui_server_requests.log as an audit log. One way to do this is to use the Rythm template engine (note that this is complex and requires expertise) or other third-party tools.

The sm_gui_server_requests.log file is located on the server file system under gv_rw_prot.

Audit trail records may contain the following details:

  • date and time
  • API request for the executed action
  • user associated with the activity
  • user IP address

The example below shows that the restore task was deleted by the user Administrator.

021-02-03 10:55:08,592 - [GET] /sep/api/restoreTasks/rs_task01/forceRemove [User: Administrator, IP: 192.168.21.12:59111]

For more details on API calls, see Using SEP sesam REST API.
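
As an added illustration (not SEP's own tooling and not part of the original page), the following Python script extracts the user actions from lines in the layout of the example record above and groups them by user. It assumes that audit-relevant lines follow exactly that layout with a four-digit year; the function names and the sample lines (addresses, task names, and the second path) are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Record layout taken from the example line on this page:
#   <date> <time>,<ms> - [<METHOD>] <path> [User: <name>, IP: <addr>:<port>]
RECORD = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - "
    r"\[(?P<method>[A-Z]+)\] (?P<path>\S+) "
    r"\[User: (?P<user>[^,\]]+), IP: (?P<ip>.+):(?P<port>\d+)\]$"
)

def parse_line(line):
    """Return a dict for one audit record, or None for any other log line."""
    m = RECORD.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f")
    rec["port"] = int(rec["port"])
    # Assumption: the last path segment names the action (forceRemove above).
    rec["action"] = rec["path"].rstrip("/").rsplit("/", 1)[-1]
    return rec

def audit_trail(lines):
    """Return (records, number of lines that are not audit records)."""
    parsed = [parse_line(line) for line in lines]
    records = [r for r in parsed if r is not None]
    return records, len(parsed) - len(records)

def actions_by_user(records):
    """Group records by user. GET lines are kept on purpose: in the page's
    example a GET request is what removed the restore task."""
    out = defaultdict(list)
    for r in records:
        out[r["user"]].append((r["ts"], r["method"], r["action"], r["ip"]))
    return dict(out)

# Constructed sample input (made-up addresses, task names and second path).
SAMPLE = [
    "2024-01-15 09:12:44,101 - [GET] /sep/api/restoreTasks/rs_demo01/forceRemove [User: Administrator, IP: 192.0.2.10:50122]",
    "2024-01-15 09:12:45,007 DEBUG unrelated server output without a user field",
    "2024-01-15 09:13:02,350 - [POST] /sep/api/exampleResource/exampleAction [User: operator1, IP: 192.0.2.23:41877]",
    "2024-01-15 09:20:31,900 - [GET] /sep/api/restoreTasks/rs_demo02/forceRemove [User: operator1, IP: 192.0.2.23:41902]",
]

if __name__ == "__main__":
    for user, acts in actions_by_user(audit_trail(SAMPLE)[0]).items():
        print(user, [(m, a, ip) for _, m, a, ip in acts])
```

The count of non-matching lines returned by audit_trail is worth watching: a sudden rise can mean the record layout has changed and actions are no longer being captured.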

See also

Using SEP sesam REST API
SEP sesam Logging