HP StorageWorks XP Audit Log reference guide: HP XP12000 Disk Array, HP XP10000 Disk Array, HP 200 Storage Virtualization System (5697-8004, March 2009)

In the United States, the Sarbanes-Oxley (SOX) Act establishes corporate accountability for all public companies, requiring strict IT controls and processes. Specifically, Sarbanes-Oxley requires companies to “Audit unauthorized access, misuse and fraud, in order to ensure the accuracy of corporate financial and business information” and “maintain financial records for seven years.”

Internationally, the Basel II Accord requires all internationally active banks to adopt similar or consistent risk management practices. Banks are required to implement a comprehensive program of risk prevention, detection, analysis and management, and mitigate operational risks associated with IT systems by 2006. The accord recommends “retaining activity logs for 3 to 7 years.”
Introduction to the syslog server
Audit log uses the syslog server, a commonly used simple utility and protocol, to exchange log messages. The term syslog is often used for the protocol, for the tools that send the logs, and for the individual log messages and log files themselves.
The syslog architecture can be summarized as follows:
Senders (devices and relays) send messages to relays or collectors with no knowledge of whether the receiver is a collector or a relay.
Senders may be configured to send the same message to multiple receivers.
Relays may send all or some of the messages that they receive to a subsequent relay or collector. If relays do not forward all of the messages, they are acting as both a collector and a relay. In the following figure, these devices are designated as relays.
Relays may also generate their own messages and send them on to subsequent relays or collectors. In that case, they are acting as devices.
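As an added illustration of the roles just described (example code, not from this guide or from the XP arrays), the following Python model has one device fan the same message out to a relay and to an archive collector; the relay forwards only the more severe messages and keeps the rest, so it acts as both relay and collector. The severity threshold, the host name xp12000 and the audit lines are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
# RFC 3164 PRI header "<PRIVAL>", where PRIVAL = facility * 8 + severity (0..191).
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$")

def decode_pri(msg):
    """Return (facility, severity, rest), or None if the PRI header is missing or out of range."""
    m = PRI_RE.match(msg)
    if not m or int(m.group(1)) > 191:
        return None
    prival = int(m.group(1))
    return prival // 8, prival % 8, m.group(2)

@dataclass
class Collector:  # final destination: stores every message unchanged
    stored: list = field(default_factory=list)
    def receive(self, msg):
        self.stored.append(msg)

@dataclass
class Relay:
    """Forwards severities 0..max_severity downstream, keeps the rest locally: relay and collector at once."""
    downstream: list
    max_severity: int = 4            # 0 (emergency) .. 4 (warning) forwarded; 5..7 kept here
    stored: list = field(default_factory=list)
    def receive(self, msg):
        parsed = decode_pri(msg)
        if parsed is None:
            # RFC 3164 4.3.3: a relay prepends <13> (user.notice) to a line lacking a valid PRI
            msg = "<13>" + msg
            parsed = decode_pri(msg)
        if parsed[1] <= self.max_severity:
            for receiver in self.downstream:
                receiver.receive(msg)
        else:
            self.stored.append(msg)

def run_demo():
    central, archive = Collector(), Collector()
    relay = Relay(downstream=[central])
    events = [  # constructed sample lines, not real XP array output
        "<36>Mar  3 10:15:02 xp12000 audit: SVP: user admin changed an LDEV setting",  # auth.warning
        "<38>Mar  3 10:15:09 xp12000 audit: SVP: login succeeded for user operator",   # auth.info
        "<34>Mar  3 10:16:41 xp12000 audit: SVP: login failed 5 times for user admin", # auth.crit
        "Mar  3 10:17:00 xp12000 audit: line sent without a PRI header",                # no PRI
    ]
    for event in events:  # the device fans out the same message, unaware of receiver roles
        for receiver in (relay, archive):
            receiver.receive(event)
    return central, archive, relay
```

After run_demo(), the archive holds all four raw lines, the central collector holds only the warning and critical events, and the relay has kept the informational line plus the repaired <13> line.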
The following figure illustrates some common syslog configurations.
Figure 1 Examples of syslog architecture
The specific needs of your particular business will determine the system architecture. From a storage perspective, the end point is knowing where the log events need to be shipped and how they need to be handled, and then implementing that appropriately. The storage layer need only concern