No audit method of data retrieval, The audit method of data retrieval – Fortinet FortiDB User Manual


FortiDB Version 3.2 Privilege Monitor User Guide

15-32000-81364-20081219

Audit vs. No Audit (snapshot) Method of Data Retrieval

No Audit Method of Data Retrieval

The No Audit (snapshot) method takes periodic snapshots of system tables and alerts you
when a comparison of consecutive snapshots shows that these tables have changed. With this
method, the target database is read only once per defined interval, the 'guard cycle'.
Activity that occurs and is reversed within a single interval is not captured by FortiDB MA
and, consequently, does not generate an alert. For example, with a 1-minute monitoring
interval, a privilege that is granted and revoked again within 59 seconds is never seen and
therefore cannot generate an alert.

Once you specify which items to monitor and at what frequency, Privilege Monitor scans the
target database at each monitoring interval and writes a snapshot of the privilege settings
to a log file. It then compares the current snapshot with the previous snapshots in the file
and reports information such as:

• Rule violation

• Privilege change(s)

• Grantee

• Grantor

• Time of change

The Audit Method of Data Retrieval

The audit method relies upon the database's audit records to generate alerts. Once auditing is
set up for an event, every occurrence of that event is recorded, including changes that are
made and undone between two polls; the audit method therefore yields information about every
audited activity on the target database.

Note: If you close your database connection or get disconnected, e.g., because of a network
outage, monitoring and reporting stop. When you reconnect, the snapshot log from your last
connected session is read and compared with the current data, and any changes made while you
were offline are noted. As with any gap between snapshots, changes that were made and reversed
while you were offline are not detected.
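The following is an added example, not code from the FortiDB manual or from Fortinet, that puts the two retrieval methods described above side by side. A constructed in-memory SQLite database stands in for the target database: the table `sys_privs` plays the role of the system table that holds privilege grants, and `audit_trail` plays the role of the database's own audit records. All table names, column names, user names, privileges, the one monitoring rule and the timeline are assumptions made up for this example. The simulation covers the snapshot comparison with its 'guard cycle' blind spot, the reconnect-after-outage comparison from the note above, and the audit trail that records every event regardless of polling.

```python
"""Snapshot (No Audit) method beside an audit trail: a constructed simulation.

Assumptions (not FortiDB's or any real DBMS's names): `sys_privs` is the
system table of grants, `audit_trail` holds the database's audit records,
and the only monitoring rule is that nobody may hold the DBA privilege.
"""
import sqlite3
from typing import Dict, FrozenSet, List, Tuple

Grant = Tuple[str, str, str]      # (grantee, privilege, grantor)
FORBIDDEN_PRIVILEGES = {"DBA"}    # assumed rule checked against every detected grant


def make_target_db() -> sqlite3.Connection:
    """Constructed target database with a baseline set of grants (sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sys_privs (grantee TEXT, privilege TEXT, grantor TEXT)")
    conn.execute("CREATE TABLE audit_trail (seq INTEGER PRIMARY KEY, ts TEXT, action TEXT, "
                 "grantee TEXT, privilege TEXT, grantor TEXT)")
    conn.executemany("INSERT INTO sys_privs VALUES (?, ?, ?)", [
        ("alice", "SELECT ON hr.salaries", "dbadmin"),
        ("bob", "CREATE SESSION", "dbadmin"),
    ])
    return conn


def grant(conn: sqlite3.Connection, ts: str, grantee: str, privilege: str, grantor: str) -> None:
    """Apply a GRANT on the target. The audit trail records it whether or not a poll runs."""
    conn.execute("INSERT INTO sys_privs VALUES (?, ?, ?)", (grantee, privilege, grantor))
    conn.execute("INSERT INTO audit_trail (ts, action, grantee, privilege, grantor) "
                 "VALUES (?, 'GRANT', ?, ?, ?)", (ts, grantee, privilege, grantor))


def revoke(conn: sqlite3.Connection, ts: str, grantee: str, privilege: str, grantor: str) -> None:
    """Apply a REVOKE on the target; again the audit trail records it immediately."""
    conn.execute("DELETE FROM sys_privs WHERE grantee = ? AND privilege = ?", (grantee, privilege))
    conn.execute("INSERT INTO audit_trail (ts, action, grantee, privilege, grantor) "
                 "VALUES (?, 'REVOKE', ?, ?, ?)", (ts, grantee, privilege, grantor))


def take_snapshot(conn: sqlite3.Connection) -> FrozenSet[Grant]:
    """One guard-cycle read of the system table; this is all the snapshot method ever sees."""
    return frozenset(conn.execute("SELECT grantee, privilege, grantor FROM sys_privs"))


def diff_snapshots(previous: FrozenSet[Grant], current: FrozenSet[Grant],
                   seen_at: str) -> List[Dict[str, object]]:
    """Compare two snapshots and report the items the manual lists: privilege change,
    grantee, grantor, time of change, rule violation. `seen_at` is the snapshot time;
    the method cannot know at which moment inside the interval the change happened."""
    alerts: List[Dict[str, object]] = []
    for action, grants in (("GRANT", current - previous), ("REVOKE", previous - current)):
        for grantee, privilege, grantor in sorted(grants):
            alerts.append({
                "change": f"{action} {privilege}",
                "grantee": grantee,
                "grantor": grantor,
                "time_of_change": seen_at,
                "rule_violation": action == "GRANT" and privilege in FORBIDDEN_PRIVILEGES,
            })
    return alerts


def audit_events(conn: sqlite3.Connection, after_seq: int = 0) -> List[Tuple[str, str, str, str, str]]:
    """Audit method: every recorded occurrence, including changes that were already undone."""
    return list(conn.execute("SELECT ts, action, grantee, privilege, grantor FROM audit_trail "
                             "WHERE seq > ? ORDER BY seq", (after_seq,)))


def simulate() -> Tuple[List[Dict[str, object]], List[Dict[str, object]],
                        List[Tuple[str, str, str, str, str]]]:
    """Constructed timeline with a 1-minute guard cycle. Returns the snapshot alerts for
    the first cycle, the alerts produced on reconnect after an outage, and the audit trail."""
    conn = make_target_db()
    snapshot_log = [take_snapshot(conn)]                 # the 'log file' of snapshots
    # Cycle 1: carol receives DBA and loses it 40 seconds later, both between polls.
    grant(conn, "T+00:10", "carol", "DBA", "dbadmin")
    revoke(conn, "T+00:50", "carol", "DBA", "dbadmin")
    grant(conn, "T+00:55", "bob", "DELETE ON hr.salaries", "alice")   # this change persists
    snapshot_log.append(take_snapshot(conn))
    cycle1_alerts = diff_snapshots(snapshot_log[-2], snapshot_log[-1], "T+01:00")
    # Outage: monitoring stops for two cycles while the database keeps changing.
    revoke(conn, "T+02:30", "alice", "SELECT ON hr.salaries", "dbadmin")
    # Reconnect: the last snapshot in the log is compared with the current state.
    snapshot_log.append(take_snapshot(conn))
    reconnect_alerts = diff_snapshots(snapshot_log[-2], snapshot_log[-1], "T+03:00")
    return cycle1_alerts, reconnect_alerts, audit_events(conn)


if __name__ == "__main__":
    cycle1, reconnect, trail = simulate()
    print("snapshot method, cycle 1:", cycle1)      # carol's DBA grant is absent
    print("snapshot method, reconnect:", reconnect)  # alice's revoke noted late, at T+03:00
    print("audit method:", trail)                    # all four events, with real timestamps
```

Running the block shows the trade-off the section describes: the snapshot comparison for cycle 1 reports only bob's persistent grant, while carol's DBA grant, the one event that violates the rule, never appears because it was undone inside the guard cycle; the audit trail lists it with its actual timestamp. The reconnect comparison catches the revoke that happened during the outage, but stamps it with the snapshot time rather than the moment it occurred.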