Administrator Guides EN Owner's manual

Auditing
8-19 41-001391-00 Rev 03 – 04.2012
The Audit Profile Conformance section indicates which profile the auditing conforms to. Note that in Edit mode you
should always Save before checking the conformance.
In Edit mode you can enable and disable individual rules. The Quick Selection section can be used to enable and
disable rules collectively. Saving the page writes the rule selection to the database.
The WebUI also has the following two configurable fields:
Maximum Number of Backlogged Audit Events
Refers to the -b option in ‘man auditctl’ and indicates the maximum number of queued event records that can be stored
in kernel memory before either panicking or dropping records.
Failure Action
Refers to the -f option in ‘man auditctl’ and tells the audit system what to do if an error condition occurs. The WebUI
allows the error condition to be logged or the kernel to panic.
Platform Audit Viewer
This subsection displays all logged events configured in Platform :: Auditing :: Platform Audit Configuration, and
functions in a manner similar to the system log viewers.
WARNING!
Enabling too many rules with the maximum number of backlogged events set to a low number and the failure action
set to panic could prevent the server from booting properly.
Note:
All records have an ID. Records with the same ID refer to the same auditing event. Records for some system events are
still produced even if no rules are enabled (e.g. an SSH login).
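
The grouping of records by ID described in the note, shown as an added example (not code from this guide or the product). It assumes records in the standard Linux audit log format, where the ID is the serial number in msg=audit(timestamp:serial); the sample records and the names group_events and summarize are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample records in standard Linux audit log format
# (assumption: not captured from the product this guide describes).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1333456789.123:4021): arch=c000003e syscall=2 success=yes exit=3 pid=2210 comm="cat" key="passwd-read"
type=CWD msg=audit(1333456789.123:4021): cwd="/root"
type=PATH msg=audit(1333456789.123:4021): item=0 name="/etc/passwd" inode=1311 nametype=NORMAL
type=USER_LOGIN msg=audit(1333456790.501:4022): pid=2250 uid=0 msg='op=login acct="admin" exe="/usr/sbin/sshd" res=success'
this line is truncated garbage
type=CONFIG_CHANGE msg=audit(1333456791.007:4023): audit_backlog_limit=8192 old=320 res=1
"""

# Record header: type=<TYPE> msg=audit(<epoch.millis>:<serial>): <fields>
HEADER = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): ?(?P<body>.*)$"
)

def group_events(text):
    """Group records into events; return (events, rejected_lines).

    The key is (timestamp, serial): the serial restarts at boot, so the
    timestamp keeps events from different boots apart.
    """
    events, rejected = OrderedDict(), []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER.match(line)
        if m is None:
            rejected.append(line)  # keep malformed lines for review, do not drop silently
            continue
        key = (m.group("ts"), int(m.group("serial")))
        events.setdefault(key, []).append((m.group("type"), m.group("body")))
    return events, rejected

def summarize(events):
    """Return [(serial, [record types])] in log order."""
    return [(serial, [t for t, _ in recs]) for (_, serial), recs in events.items()]

if __name__ == "__main__":
    events, rejected = group_events(SAMPLE_LOG)
    for serial, types in summarize(events):
        print(serial, " + ".join(types))
    print("unparsed lines:", len(rejected))
```

In the sample, the USER_LOGIN event stands alone because it is produced without any rule, while the rule-triggered file read yields three records sharing one ID.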