Agent audit log persistence – HP 3PAR Policy Manager Software User Manual
Page 41
•
A Policy Manager user modifies a policy.
•
A Policy Manager user creates, modifies, or deletes an action permission from a policy.
Custodian entries are generated when:
•
An agent registers with Policy Manager.
•
An agent forwards a message or command received from the Collector Server; for example,
messages about operations that were successful, failed, and denied.
•
An agent sends a request to perform an action that has a permission access right of Ask for
Approval.
•
An agent performs an action defined for a permission access right of Always Allow. The
message sent to Policy Manager audit log includes the name of the user who performed the
action, the action that was performed, and the success or failure of executing the action.
•
An agent denies an action defined for a permission access right of Never Allow. The message
sent to Policy Manager audit log includes the name of the user who attempted to perform the
action, information about the action that was rejected (specific to the type of action), and the
policy permission caused the action to be rejected.
Agent Audit Log Persistence
The Custodian queues all Policy Manager related auditing messages in its audit log until the time
it sends them to the Policy Manager for processing. If Policy Manager is offline, the Agent continues
sending the messages until it can communicate them to Policy Manager. If the Custodian cannot
communicate the messages to Policy Manager before the Custodian’s own audit log has reached
its maximum size, all new audit log entries are discarded.
Working in the Audit Log Tab
41