XYGATE Compliance PRO (XSW) Reference Manual
Chapter 12. XSW Auditing and Audit Reporting
XYPRO Technology Corporation 206 Proprietary and Confidential
on the host (usually named AUDIT). The format and meaning of the audit records that
make up the audit trail are specified per product. Audit collection details for XSW can
be found below in section 12.3, “Audit Collection.” This includes a detailed record
definition.
12.1.3 Audit Reporting
XYGATE products have several available alternatives for audit reporting. Audit reports
can be generated and reviewed manually on the host using the XSW_REPORT report
macro described in Appendix C: (page 252).
The XYGATERM product can be used to generate and review a report from a PC. The
audit trail can be picked up by XYGATE Merged Audit (XMA), and merged audit
reports can be viewed through XYGATEEM or XYGATERM on a PC.
In addition, XMA can be forwarded to an external Security Information and Event
Management (SIEM) system as shown in the diagram on the previous page.
Note: Only XMA release versions 2.10 and above are capable of processing XSW
audit trails.
12.2 Audit Configuration
The audit trail is configured on the host in the SWCONF file described in Appendix A:.
To alter the audit trail configuration, click the Configuration button on the XSW tool bar at the top of the display to start the XYGATE Configuration Manager (XCF) and edit the SWCONF file. (This button only invokes XCF if it is already installed on the PC.)
Alternatively, you can log on to the host and edit the SWCONF file directly.
12.2.1 Audit Locations: Diskfiles, Local Processes, IP Processes
By default, the XSW audit trail is written to a disk file on the host. The default filename
is AUDIT, located in the installation subvol.
After installation, you can modify the SWCONF file (using Edit on the NonStop or XCF
on the PC) to make other changes and additions to the audit trail locations.
Up to nine total audit locations can be defined for XSW. Each location specified can be
one of three types: diskfile, local process (such as an EMS Log or a CONSOLE
process), or an IP process (often used to send audit records to a SYSLOG). Refer to
the AUDIT keyword in Appendix A: for the specific syntax for this information.