Audit Log Import and Review

Set up logs to roll daily

When creating a log file, set the following values in the .ini file:

LogDirectory - the directory where the logs will be created

LogNamePattern - the fully qualified path and name for the log files. The name should contain the %N pattern character to create unique names as the logs roll over

LogRotationInterval - set to 86400 to trigger the logs to roll over daily

LogRotationSize - set to 2G to cause a rollover when the daily logs are very large

ServiceName - should be descriptive of the log process

ServiceType - set to logmonitor

SockPort - set to the port to which the APPX engine will send the log information

The logs will automatically roll over daily at the time the service was started (86400 seconds from when the ./appxAuditMgr -start <service name> command is issued or the service is started from the operating system).

Set up at the operating system

Install the logs-roll, logs-remove, and logs-compress files. These can be installed anywhere, but a good location would be the $APPXPATH/../services directory. That location keeps all the log-related items together in a common directory. These should be owned by root with the group set to appxgrp, and have the S bit set.

Create a directory to store the logs. This should match the value set in the LogDirectory set up in the .ini file mentioned above.

Create a directory to store the logs after they are imported and compressed.

Place the script daily-audit-log-import.sh on the operating system. You may wish to create a scripts directory in the $APPXPATH/../ directory (at the same level as data and services) and place the script there. That way if the appx installation is moved the script would most likely move with it.

Load the 1CH/vv and XML/vv applications into the APPX tree. A copy will need to be installed for each version you want to have logging activated. Also load the data directories associated with the apps.
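A check for the ownership and permission requirements given above for logs-roll, logs-remove and logs-compress, as an added example that is not part of the APPX distribution. It assumes GNU stat on Linux and reads "S bit" as setuid or setgid; the function names and the world-writable test are additions of this example.

```shell
#!/bin/sh
# Added example, not part of the APPX distribution.
# Assumptions: GNU stat (Linux); "S bit" is read as setuid or setgid.

# check_helper FILE OWNER GROUP
# Prints one line per problem; exit status is 0 only when every check passes.
check_helper() (
    file=$1; want_owner=$2; want_group=$3; rc=0
    if [ ! -f "$file" ]; then
        echo "FAIL $file: not found"
        exit 1
    fi
    owner=$(stat -c '%U' "$file")
    group=$(stat -c '%G' "$file")
    mode=$(stat -c '%a' "$file")      # octal digits, e.g. 4750
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $file: owner is $owner, expected $want_owner"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL $file: group is $group, expected $want_group"; rc=1
    fi
    # 06000 = setuid (04000) | setgid (02000)
    if [ $(( 0$mode & 06000 )) -eq 0 ]; then
        echo "FAIL $file: S bit not set (mode $mode)"; rc=1
    fi
    # Extra check not stated on the page: a privileged helper that anyone
    # can overwrite hands its privileges to every local user.
    if [ $(( 0$mode & 0002 )) -ne 0 ]; then
        echo "FAIL $file: world-writable (mode $mode)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $file ($owner:$group $mode)"
    exit "$rc"
)

# check_log_helpers DIR [OWNER] [GROUP]
# Checks the three helper files named on this page; defaults are root:appxgrp.
check_log_helpers() (
    dir=$1; owner=${2:-root}; group=${3:-appxgrp}; failed=0
    for name in logs-roll logs-remove logs-compress; do
        check_helper "$dir/$name" "$owner" "$group" || failed=1
    done
    [ "$failed" -eq 0 ]
)

# Typical call after installation:
#   check_log_helpers "$APPXPATH/../services"
```
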

-- GaryRogers - 2014-02-27


Topic revision: r1 - 2014-02-27 - GaryRogers
 