Chapter 7: Using the SafeWord 2008 Management Console
Managing and viewing audit logs
166
Deleting an archived audit log file
When you want to completely remove an archive set from the system, you use
the Delete button on the Manage Audit Log Archives window.
To delete an archive file, select the file you want to delete, then click
Delete
and
answer
Yes
to confirm your decision. When the file is successfully deleted, it
will be removed from the list. Click
OK
to close the window.
Important: This will permanently delete the archive set.
Configuring the archival of audit logs
To archive audit logs you must designate a period of time after which audit logs
of a chosen age will automatically get archived. The Audit Log Archival pane
on the Manage Audit Log Archives window allows you to define the age (in
hours) after which the designated logs automatically are archived into an
archive set.
Automatically archiving audit logs
To automatically archive audit logs of a certain age, on the Manage Audit Log
Archives pane, in the Archive Audit Logs Older Than field enter the number of
Hours
that logs should exist before they are archived.
Click
OK
to save this value.
Archiving audit logs immediately
To archive off all the audit logs immediately, click
Now
on the Audit Log Archive
pane. SafeWord archives currently stored audit logs and removes them from
the system. This may take a few minutes in larger databases. Once done, the
archived log sets appear in the list window.
When you are done, click
OK
to close the window.
Log archival impact on reporting
The most common reporting scenarios will involve the export of audit log data.
With audit logs, you can determine many useful statistics that describe the
authentication activity in your organization. However, you must ensure that the
appropriate amount of audit log data stays resident within the Admin Server for
long enough so that it can be exported through the new reporting mechanism.
Specifically, you must ensure that the
audit log archival period
is sufficiently
large. If you intend to run weekly reports based on a week’s worth of audit
log data, then you must ensure that your audit log archival period is at least
seven days.