Chapter 7: Using the SafeWord 2008 Management Console
Managing and viewing audit logs
166
Deleting an archived audit log file
When you want to completely remove an archive set from the system, you use
the Delete button on the Manage Audit Log Archives window.
To delete an archive file, select the file you want to delete, then click
Delete
and
answer
Yes
to confirm your decision. When the file is successfully deleted, it
will be removed from the list. Click
OK
to close the window.
Important: This will permanently delete the archive set.
Configuring the archival of audit logs
To archive audit logs you must designate a period of time after which audit logs
of a chosen age will automatically get archived. The Audit Log Archival pane
on the Manage Audit Log Archives window allows you to define the age (in
hours) after which the designated logs automatically are archived into an
archive set.
Automatically archiving audit logs
To automatically archive audit logs of a certain age, on the Manage Audit Log
Archives pane, in the Archive Audit Logs Older Than field enter the number of
Hours
that logs should exist before they are archived.
Click
OK
to save this value.
Archiving audit logs immediately
To archive off all the audit logs immediately, click
Now
on the Audit Log Archive
pane. SafeWord archives currently stored audit logs and removes them from
the system. This may take a few minutes in larger databases. Once done, the
archived log sets appear in the list window.
When you are done, click
OK
to close the window.
Log archival impact on reporting
The most common reporting scenarios will involve the export of audit log data.
With audit logs, you can determine many useful statistics that describe the
authentication activity in your organization. However, you must ensure that the
appropriate amount of audit log data stays resident within the Admin Server for
long enough so that it can be exported through the new reporting mechanism.
Specifically, you must ensure that the
audit log archival period
is sufficiently
large. If you intend to run weekly reports based on a week’s worth of audit
log data, then you must ensure that your audit log archival period is at least
seven days.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
