Audit Trail
This chapter provides information about the Audit Trail capabilities provided by Cisco PTC - VS.
Note: Only system administrators are capable of viewing audit trails.
Auditing is an essential component of enforcing accountability. Accountability is the ability to trace activities of a system user and is typically done by associating a process or action with a specific user. Cisco PTC - VS allows you to view the log records of various operations. The logging component logs all service requests and their processing status and provides audit trail records for all service requests. Following is a list of the features supported by the Cisco PTC - VS Audit Trail component:
•Cisco PTC - VS logs audit trails for all user log in and user log off operations.
•Cisco PTC - VS logs audit trails for all provisioning operations. The provisioning operations include all of the configuration operations on a virtual gateway, a gateway, a gatekeeper/directory gatekeeper, a region, and a zone.
•Cisco PTC - VS logs audit trails for topology operations such as network discovery, synchronization, and the adding, deleting, and modifying of device configurations.
•Audit trails are stored in a file. The information logged includes the user who performed the operation, operation type, date/time, and network entity(s) involved, if any.
•The Audit Trail table can be exported to a file.
Audit Trail Concepts
The Audit Trail module has two components: a Log Server and a Viewer Server. The log records are stored in the repository by the Log Server and the View Server pushes them to the Cisco PTC - VS Client whenever a request from a Client arrives. The Cisco PTC - VS Audit Trail feature operates as follows:
•The Audit Trail GUI is launched from the Cisco PTC - VS Main window by first clicking on the System Management tab and then clicking the Audit Trail icon
•The audit trails are viewable only by the Cisco PTC - VS clients with the appropriate administration privileges
•The browser supports log filtering to view a subset of the log records that satisfy a set of filtering criteria. Filterable items include: user, operation, date (from and to dates), object type, and status (if any). You can enter multiple search criteria. For example, you can simultaneously select the user ID, date/time, and operation type as the filtering criteria.
•You can select the number of records that appear in one page of the Audit Trail table
•You can sort the records by Audit ID, user ID, operation, object type, and start or completion time
•You can refresh the displayed log records in order to obtain an updated list
•As system administrator, you can define the maximum size of the log file. A maximum log size of zero specifies that the log size has no predefined limit. When a log file reaches the maximum size limit, the log is copied to another file named <original_log_file_name>.<n>, where:
<original_log_file_name> is the name of the original log file.
<n> is incremented each time the file size reaches the specified maximum size.
This process continues until the backup file number reaches the value defined by props.numoflogfiles in the SecurityProperties.properties file. When this occurs, the old log files are deleted before the latest log files are copied to the backup log files.
SecurityProperties.properties File Format
The Audit Trail log file related values are stored in the SecurityProperties.properties file. The format of the SecurityProperties.properties file is:
props.logDir=/auto/Cisco/vnm/log/AuditLog
props.limit = 10000
props.numoflogfiles=7
props.numofProcess=15
Note: The file size is in bytes. When the file reaches its maximum size, the old files are deleted automatically.
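The retention effect of these values, as an added example (not Cisco code): it parses the properties shown above and simulates the rotation described in Audit Trail Concepts to count how many audit records remain on disk. The 200-byte record size used in the test, the function names, and the two readings of "the old log files are deleted" (oldest backup only, or every backup) are assumptions.

```python
# Added example, not Cisco code. Values below are the ones listed in this chapter.
SAMPLE_PROPERTIES = """\
props.logDir=/auto/Cisco/vnm/log/AuditLog
props.limit = 10000
props.numoflogfiles=7
props.numofProcess=15
"""


def parse_properties(text):
    """Parse key=value lines, tolerating blanks around '=' and comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a key=value line: {raw!r}")
        props[key.strip()] = value.strip()
    return props


def retained_records(total, record_bytes, limit, num_files, purge_all):
    """Count how many of `total` equal-sized records survive rotation.

    purge_all=False assumes only the oldest backup is deleted at the cap;
    purge_all=True assumes every backup is deleted at the cap.
    """
    if limit == 0:  # zero means no predefined limit, so nothing rotates
        return total
    backups, in_active = [], 0  # record count per backup file / in live file
    for _ in range(total):
        in_active += 1
        if in_active * record_bytes >= limit:  # live file hit props.limit
            if len(backups) >= num_files:      # backup number hit the cap
                backups = [] if purge_all else backups[1:]
            backups.append(in_active)
            in_active = 0
    return sum(backups) + in_active


def retention_summary(text, total, record_bytes):
    """Return retained-record counts for both readings of the purge rule."""
    props = parse_properties(text)
    limit = int(props["props.limit"])
    num_files = int(props["props.numoflogfiles"])
    return {purge_all: retained_records(total, record_bytes, limit, num_files, purge_all)
            for purge_all in (False, True)}
```

With the listed values, only a few hundred such records are available to a reviewer at any time, so export or off-host collection has to run more often than the log rotates.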
All of the information regarding the log is obtained from the audit_trail log and is displayed upon request. The format of each field is:
AuditId—job ID number in the following format: <mmmddyy>_<unique number>.
UserId—the administrator's User Id.
Terminal—the Client's host name.
Object—the name of the object upon which the operation is performed:
•for provisioning operations, the Object field is the scope of the operations
•for topology operations, the Object field is the name of the region or device
StartTime—the start time and date of the operation. The format is:
<day mmm dd hr:mn:sec GMT -05:00 yyyy>
CompletionTime—the completion date and time of the operation. The format is:
<day mmm dd hr:mn:sec GMT -05:00 yyyy>
Operation Types
This section describes the operation types supported by the various Cisco PTC - VS operations.
Provisioning Operations
For provisioning operations, the following operation types are supported:
•create
•delete
•modify
•view appended with the service object name.
Network Synchronization and Network Discovery Operations
For network synchronization and discovery operations, the following operation types are supported:
•network_sync
•network_disc
Addition and Deletion of Region and Device and Configuration Modification Operations
For addition and deletion of regions or devices or configuration modification operations, the following operation types are supported:
•add
•delete
•modify (appended with the region or device type)
Status—the status of the operation. It can be Completed, Errored, or Pending.
Message—contains all of the possible information about the operation.
LogLevel—the logging level (for example, Information, Warning, Error).
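Working with these fields, as an added example (not Cisco code): it parses the StartTime/CompletionTime format into UTC so records can be correlated with other logs, and applies the multi-criteria filtering described under Audit Trail Concepts. The records, AuditId values and function names are constructed for illustration; this chapter does not describe how records are serialized on disk, so they are modelled as dictionaries.

```python
import re
from datetime import datetime, timezone

# Constructed sample records (not real log data); keys are this chapter's field
# names and AuditId values are made up to fit <mmmddyy>_<unique number>.
RECORDS = [
    {"AuditId": "Jan0504_1", "UserId": "vnm", "Operation": "network_sync",
     "Status": "Completed",
     "StartTime": "Mon Jan 05 23:50:00 GMT -05:00 2004",
     "CompletionTime": "Tue Jan 06 00:10:00 GMT -05:00 2004"},
    {"AuditId": "Jan0604_2", "UserId": "vnm2", "Operation": "network_disc",
     "Status": "Errored",
     "StartTime": "Tue Jan 06 04:55:00 GMT +00:00 2004",
     "CompletionTime": "Tue Jan 06 04:56:30 GMT +00:00 2004"},
    {"AuditId": "Jan0604_3", "UserId": "vnm", "Operation": "network_disc",
     "Status": "Pending",
     "StartTime": "Tue Jan 06 09:00:00 GMT-05:00 2004", "CompletionTime": ""},
]


def parse_ts(text):
    """Parse '<day mmm dd hr:mn:sec GMT -05:00 yyyy>' into an aware UTC datetime."""
    if not text:
        return None  # e.g. a Pending operation has no completion time yet
    text = re.sub(r"GMT\s*", "GMT ", text.strip())  # also accept 'GMT-05:00'
    local = datetime.strptime(text, "%a %b %d %H:%M:%S GMT %z %Y")
    return local.astimezone(timezone.utc)


def audit_filter(records, user=None, operation=None, status=None,
                 start=None, end=None):
    """Return AuditIds matching every criterion given (criteria are ANDed)."""
    hits = []
    for rec in records:
        began = parse_ts(rec["StartTime"])
        if ((user is None or rec["UserId"] == user)
                and (operation is None or rec["Operation"] == operation)
                and (status is None or rec["Status"] == status)
                and (start is None or began >= start)
                and (end is None or began <= end)):
            hits.append(rec["AuditId"])
    return hits


def duration_seconds(rec):
    """Seconds between StartTime and CompletionTime, or None if unfinished."""
    done = parse_ts(rec["CompletionTime"])
    return None if done is None else (done - parse_ts(rec["StartTime"])).total_seconds()
```

The first sample record starts on 5 January local time but on 6 January in UTC, which is why the date-range filter compares normalized timestamps rather than the printed strings.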
Logging Records
The various records are written to the Cisco PTC - VS file system using the JDK 1.4 Logger.
Logged Operations
This section describes the operations that are logged to the Audit Trail Repository. The following operations are logged:
•When a user logs in and out of the Cisco PTC - VS application.
•The details of the network discovery and the network synchronization are also added to the repository.
•Topology operations—addition and deletion of regions or devices and updating the device configuration.
•Provisioning operations—addition, deletion, and modification of a service object's configuration.
Figure 7-1 Event Flow Diagram
Audit Trail User Interface
This section describes how to accomplish various tasks using the Audit Trail GUI.
Listing the Audit Trail Records
This section describes how to list the Audit Trail log records.
Step 1 Click the System Management tab in the Cisco PTC - VS Main window.
The System Management window appears.
Step 2 Click the Audit Trail icon.
The Audit Trail window appears.
Step 3 Click List All.
Step 4 A list of the operation and event logs appears, as shown in Figure 7-2.
Figure 7-2 Audit Trail Window
Step 5 Click Filter.
The Filter Conditions window appears, as shown in Figure 7-3. Currently, you can only search User Operation Log records, which is selected by default.
Figure 7-3 Filter Conditions Window
Step 6 Enter and/or choose the desired filter values in the corresponding fields, then click OK. In this example, the User check box was selected and vnm was entered in the User Id text field.
Figure 7-4 Filter Conditions Window - Search Criteria
After the validation of the search criteria, the records are selected from the Audit Trail repository and listed in the Audit Trail window, as shown in Figure 7-5. When no matches are found, a message is displayed stating the specified criteria found no matches. For example, if records for User ID vnm2 are not found, the error message displayed is, "No rows found for the selected criteria User Id=vnm2".
When more records are available than can be displayed in the Audit Trail window, use Next to access the additional records and Back to go back to the previous display.
Figure 7-5 Filtered Audit Trail Listing Page
Setting the Size of the Audit Trail Repository
This section describes how to set the size of the Audit Trail repository.
Note: It is strongly recommended that you do not set the size value to 999,999 bytes.
Step 1 Open the Audit Trail window, as described in earlier examples.
Step 2 Click Set Size.
The Set File Size window appears.
Step 3 Enter the size of the file, in bytes, then click OK.
The size of the log file is changed in the SecurityProperties.properties file.
Step 4 To cancel the operation and go back to the Audit Trail window, click Cancel before submitting the change.
Viewing the Record
This section describes how to view a record in the Audit Trail repository.
Step 1 Open the Audit Trail window, as described in earlier examples, and list the records pertaining to the search criteria you desire.
Step 2 Select an entry from the records listed in the Audit Trail window.
Step 3 Click View.
A window containing all of the selected entry's details and, where applicable, a log message appears, as shown in Figure 7-6.
Figure 7-6 Viewing a Log Record
Exporting to a File
This section describes how to export a selected record or the entire page to a file in the $TOMCAT-HOME/webapps/ptc/exportFiles directory. You can also save the text file to the Cisco PTC - VS Client machine by right-clicking the displayed link and selecting the desired save operation.
Step 1 Select one of the rows, then click Export.
A window appears with two options:
•Selected rows only
•Current page.
Step 2 Select either of the options. If the Selected rows only option is selected, only one row in the table should be selected.