Maintaining the Audit Store

Maintaining the logs and indexes in the Audit Store includes the process for archiving and creating scheduled tasks.

Logging follows a fixed routine. The system generates logs, which are collected and then forwarded to the Audit Store. The Audit Store holds the logs, and these log records are used in various areas, such as alerts, reports, and dashboards. This section explains the logging architecture.


Working with alerts

Use alerting to keep track of the different activities that take place on the system. The alerting ecosystem consists of the monitor, trigger, action, and channels.

Index lifecycle management (ILM)

The Protegrity Data Security Platform enforces security policies at many protection points throughout an enterprise and sends logs to the Audit Store. The logs are stored in a log repository, in this case the Audit Store. Manage the log repository using Index Lifecycle Management (ILM). These logs are then available for reporting.

Viewing policy reports

Policies control the access and rights provided to users over files and records. These access-related tasks are logged and presented to the user when required, which enables users to monitor the files and the data accessed. The policy report is generated by the triggering agent every time a policy or data store is added, modified, or deleted. It can be analyzed and used in an audit to ascertain the integrity of policies.

Verifying signatures

Logs are generated on the protectors. Each log is then processed using the signature key and a hash value, and a checksum is generated for the log entry. The hash and the checksum are sent to the Audit Store for storage and further processing. After the Audit Store receives the log entry, the integrity of the logs can be verified when the signature verification job is executed.

Using the scheduler

An administrator can execute tasks for ILM, reporting, and signature verification. Tasks that need to be executed regularly or after a fixed interval can be converted to scheduled tasks. This ensures that each task is processed regularly at the set time, leaving the administrator free to work on other, more important tasks.