4 4 3 Beefalo:Audit Logging
SEP sesam supports audit logging based on sm_gui_server_requests.log.
You can generate audit logs (set audit trail) to record activities performed in the SEP sesam GUI and Web UI (via the SEP sesam REST API).
- What is an audit log
- The audit log is a recorded evidence of each action triggered by a user, such as restoring and deleting a data store or setting an expiry date for a saveset.
- Each time a user performs an action in SEP sesam, the audit log displays the timestamp of the action, who performed it, and what it was.
- Why is audit logging important
Audit logs are important for any organisation as they ensure compliance with standards and regulations (such as ISO 27001, PCI-DSS, HIPAA ...), ensure the integrity of data by providing a complete track record of data-related operations, and ensure that data has not been tampered with. Audit logs help increase security and accountability as well as keep the system stable. Additionally, as they keep track of all user activities, they enable reviewing user activity, track job modifications, and simplify troubleshooting.
- How is the audit trail protected
With SEP sesam, audit trail data is securely stored, its access is controlled (only admin/root user can access the audit log), and logs cannot be edited (read-only) or manually deleted. Audit logs are deleted automatically after the retention period. A retention period for audit logs is set in the Retention Periods window: in the menu bar, click Configuration -> Defaults -> Retention Periods -> edit the value for preserving SEP sesam log files (default is 7 days).
Generating audit logs
It is possible to use the sm_gui_server_requests.log as an audit log, but it contains a lot of information which makes it difficult to find specific information (such as user actions).
To obtain more specific information about user actions, you can generate a more readable version of the log file sm_gui_server_requests.log as an audit log. One way to do this is to use the Rythm template engine (note that this is complex and requires expertise) or use other third-party tools.
The sm_gui_server_requests.log file is located in the server file system under gv_rw_prot.
Audit trail records can contain the following details:
- date and time
- API request for the executed action
- user associated with the activity
- user IP address
The following example shows that the restore task was deleted by the user Administrator.
021-02-03 10:55:08,592 - [GET] /sep/api/restoreTasks/rs_task01/forceRemove [User: Administrator, IP: 192.168.21.12:59111]
For more details on API calls, see Using SEP sesam REST API.