4.4.3 Beefalo: Audit Logging
SEP sesam supports audit logging (≥ SEP sesam v. 4.4.3 Beefalo) based on sm_gui_server_requests.log.
You can generate audit logs (set an audit trail) to record activities performed in the SEP sesam GUI and Web UI (through the SEP sesam REST API).
- What is an audit log
- The audit log is recorded evidence of each action that was triggered by a user, such as a restore, the deletion of a data store, or setting an expiry date for a saveset.
- Each time a user performs an action in SEP sesam, the audit log displays the timestamp of the action, who performed it, and what it was.
- Why is audit logging important
The audit trail is important for any organization for two reasons: compliance (it is required by standards and regulations such as ISO 27001, PCI-DSS, HIPAA ...) and data integrity, because it provides a complete track record of data-related operations and ensures that data has not been tampered with. Audit logs help increase security and accountability and keep the system stable. Because they keep track of all user activities, they also make it possible to review user activity, track job modifications, and simplify troubleshooting.
- How is the audit trail protected
With SEP sesam, the audit trail data is securely stored, access to it is controlled (only the admin/root user can access the audit log), and the logs are read-only: they cannot be edited or manually deleted. Audit logs are deleted automatically after the retention period. The time period for retaining audit records is defined in the Retention Periods window: in the menu bar, click Configuration -> Defaults -> Retention Periods and edit the value for preserving the SEP sesam log files (default is 7 days).
Generating audit logs
It is possible to use sm_gui_server_requests.log directly as an audit log, but it contains so much information that specific entries (such as user actions) are difficult to find.
To obtain more specific information about user actions, you can generate a more readable version of sm_gui_server_requests.log as an audit log. One way to do this is to use the Rythm template engine (note that this is complex and requires expertise); another is to use third-party tools.
The sm_gui_server_requests.log file is located on the server file system under gv_rw_prot.
Audit trail records may contain the following details:
- date and time
- API request for the executed action
- user associated with the activity
- user IP address
The example below shows that the restore task was deleted by the user Administrator.
021-02-03 10:55:08,592 - [GET] /sep/api/restoreTasks/rs_task01/forceRemove [User: Administrator, IP: 192.168.21.12:59111]
For more details on API calls, see Using SEP sesam REST API.
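One way to produce the more readable version with a small script, as an added example that is not part of SEP sesam or its documentation: it keeps only the lines that carry the four audit details listed above and counts actions per user. It assumes every user request in sm_gui_server_requests.log follows the layout of the example entry; the sample lines, the user operator1 and the task rs_task02 are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed layout, taken from the example entry on this page:
# <date> <time>,<ms> - [<METHOD>] <path> [User: <name>, IP: <addr>:<port>]
AUDIT_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - "
    r"\[(?P<method>[A-Z]+)\] (?P<path>\S+) "
    r"\[User: (?P<user>[^,\]]+), IP: (?P<ip>.+):(?P<port>\d+)\]\s*$"
)

# Constructed sample input (not real log data). Lines 2 and 4 stand in for
# the other content that makes the raw log hard to read.
SAMPLE_LOG = """\
2021-02-03 10:55:08,592 - [GET] /sep/api/restoreTasks/rs_task01/forceRemove [User: Administrator, IP: 192.168.21.12:59111]
2021-02-03 10:55:09,001 - DEBUG constructed noise line without user context
2021-02-03 11:02:41,120 - [GET] /sep/api/restoreTasks/rs_task02/forceRemove [User: operator1, IP: 192.168.21.40:60222]
malformed entry [User: , IP: ]
"""

def parse_line(line):
    """Return one audit record as a dict, or None if the line is not a user request."""
    m = AUDIT_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), "%Y-%m-%d %H:%M:%S,%f")
    rec["port"] = int(rec["port"])
    # Assumption: the last path segment names the action, as in the page's example.
    rec["action"] = rec["path"].rstrip("/").rsplit("/", 1)[-1]
    return rec

def audit_records(text):
    """Keep only lines with timestamp, API request, user and IP address."""
    return [r for r in map(parse_line, text.splitlines()) if r]

def actions_by_user(records):
    """Count (user, action) pairs, e.g. to review who removed restore tasks."""
    return Counter((r["user"], r["action"]) for r in records)

if __name__ == "__main__":
    for r in audit_records(SAMPLE_LOG):
        print(f'{r["time"]:%Y-%m-%d %H:%M:%S}  {r["user"]:<14} '
              f'{r["ip"]:<15} {r["method"]} {r["path"]}')
```

Lines that do not match are dropped silently here; when the output is used as evidence, count and report the skipped lines as well so that a format change in the log does not hide user actions.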