3 audited operations and activity, Audited operations and activity – HP 3PAR Service Processors User Manual

7.27

Working in the Audit Log Tab

3PAR Secure Service Policy Manager User’s Guide

■

dd

is the current day.

7.5.3 Audited Operations and Activity

As discussed earlier, Policy Manager generates audit log entries for the Policy Manager and

agents.

Policy Manager entries are generated when:

■

A Policy Manager user logs in to or logs out of the server.

■

A Policy Manager user accepts or denies a pending action.

■

An action pending approval times out before it is accepted or denied.

■

A Policy Manager user modifies a policy.

■

A Policy Manager user creates, modifies, or deletes an action permission from a policy.

Custodian entries are generated when:

■

An agent registers with Policy Manager.

■

An agent forwards a message or command received from the Collector Server; for example,

messages about operations that were successful, failed, and denied.

■

An agent sends a request to perform an action that has a permission access right of Ask for

Approval.

■

An agent performs an action defined for a permission access right of Always Allow. The

message sent to Policy Manager audit log includes the name of the user who performed

the action, the action that was performed, and the success or failure of executing the

action.

■

An agent denies an action defined for a permission access right of Never Allow. The

message sent to Policy Manager audit log includes the name of the user who attempted to

perform the action, information about the action that was rejected (specific to the type of

action), and the policy permission caused the action to be rejected.

NOTE: There are no bounds on how large audit log files can grow or how many

files will be stored on disk. 3PAR recommends that you keep track of disk use and

space, and archive the files as needed.