Service Processors
7.27
Working in the Audit Log Tab
3PAR Secure Service Policy Manager User’s Guide
■ dd is the current day.
7.5.3 Audited Operations and Activity
As discussed earlier, Policy Manager generates audit log entries for the Policy Manager and
agents.
Policy Manager entries are generated when:
■ A Policy Manager user logs in to or logs out of the server.
■ A Policy Manager user accepts or denies a pending action.
■ An action pending approval times out before it is accepted or denied.
■ A Policy Manager user modifies a policy.
■ A Policy Manager user creates, modifies, or deletes an action permission from a policy.
Custodian entries are generated when:
■ An agent registers with Policy Manager.
■ An agent forwards a message or command received from the Collector Server; for example,
messages about operations that were successful, failed, and denied.
■ An agent sends a request to perform an action that has a permission access right of Ask for
Approval.
■ An agent performs an action defined for a permission access right of Always Allow. The
message sent to Policy Manager audit log includes the name of the user who performed
the action, the action that was performed, and the success or failure of executing the
action.
■ An agent denies an action defined for a permission access right of Never Allow. The
message sent to Policy Manager audit log includes the name of the user who attempted to
perform the action, information about the action that was rejected (specific to the type of
action), and the policy permission caused the action to be rejected.
NOTE: There are no bounds on how large audit log files can grow or how many
files will be stored on disk. 3PAR recommends that you keep track of disk use and
space, and archive the files as needed.