2.7

Table Of Contents
VMware, Inc. 57
Appendix: Database Schema and Audit Event Log Data
/* Audit Event Log data */
CREATE TABLE PolicyDb_Event (
eventUID INTEGER, /* Primary key of the table (sequential) */
eventTs VARCHAR(21), /* Timestamp of the event creation in uSec */
loginName VARCHAR(128), /* Login user name of the actor */
aceUID VARCHAR(128), /* UID of the ACE affected by event */
packageUID VARCHAR(128), /* UID of the package affected by event */
instanceUID VARCHAR(128), /* UID of the instance affected by event */
policyVersion INTEGER, /* Version of ACE policy affected by event */
eventCategory INTEGER, /* Event Category as defined in EventType */
eventType INTEGER, /* Event Type as defined in EventType */
sessionID VARCHAR(128), /* Ace Server Session ID */
clientIP VARCHAR(128), /* IP Address of the client machine (resvd) */
serverIP VARCHAR(128), /* IP Address of the Ace Server (reserved) */
turnaroundTime VARCHAR(21), /* Server-side execution time in ms */
handlerName VARCHAR(128), /* Name of the ClientLib handler (debug) */
returnCodeText VARCHAR(128), /* Text error code returned to the client */
messageParams VARCHAR(1024), /* Tab separated list of event data */
prevEventUID INTEGER UNIQUE, /* UID of the previous recorded event */
eventSignature VARCHAR(128), /* Event signature, signed with server key */
FOREIGN KEY(eventType) REFERENCES PolicyDb_EventType(eventType),
FOREIGN KEY(prevEventUID) REFERENCES PolicyDb_Event(eventUID),
PRIMARY KEY (eventUID));
Querying the Audit Event Log Data
YoucanusetheACEServerComponenttocreateanaudittrailforalltransactionsthattheserverperforms.
Youcanusethissystemtotrackusage,securitybreaches,policyerrors,performance,andsoon.
TheACEServerComponentEventLogginginfrastructureisflexibleenoughtoprovidedetailedloggingwhen
necessary,
withoutoverwhelmingthesystembyslowingperformance.
Theeventloggingmechanismcapturesenoughinformationtoanswerthefollowingquestions:
Whoactivatedaninstance?
Whenwasaninstanceactivated?
Whorevokedaninstance?
Whoturnedoffcopyprotectionpolicy?
Whatchangestopolicyweremadeonaparticulardate?
Whoisfailingtoauthenticate?
Themechanismdoesnotnecessarilyanswerthesequestionsdirectly,butprovidesenoughdatasothatan
administratorcanvieweventlogsandfindanswers.Thedatabeingloggedmeetsthefollowingrequirements:
Providesdetailsofeachtransactionserved.
Centralizesthegatheringofev entlogdatawhenmultipleserversareused.
Providesameansforadministratorstoselectwhichtypeoftransactionsarelogged.
Canbeconfiguredtoprovidemoreorfewerlogswhennecessary.
Someofthisaudittrailisalreadyvisiblethroughotherfeaturesoftheproduct.Forexample,theinstance
viewerdisplaysthedateofthelastpolicygetoperation,ortheexpirationdate,andsoon.Theeventlogging
mechanismcan
answermoredifficultquestions,suchaswhichadministratormadewhichpolicychangesand
whichadministratordeletedanACEinstance.
Table A1describesthedatathatisstoredinalogentry.