Indelible Audit Trail

All audit trails generated by PUM are sent to and retained by one or more Audit Servers.  Typically there will be at least two such Audit Servers for the purposes of redundancy.  These Audit Servers are normally dedicated systems or virtual systems and access is restricted to those staff members who have reason to view those audit trails.  The audit trails are kept in encrypted format and are only viewable by PUM Users who are members of Roles that have the appropriate Capabilities (access right tokens).  All audit trails are check-summed and are effectively indelible.

Four types of audit trail are maintained:

  • A Session Log is a record of all the activity that occurred during a specific Session invocation.  It keeps a log of all servers (Access Servers and Managed Servers) involved in the Session, details of the PUM User who invoked the Session, and the Account on the Managed Server that the Session utilized to run the commands executed.  The Session Log will also contain a record of all commands executed (STDIN) and, depending on the audit settings for the Session, may also record all the information returned (i.e. STDOUT and STDERR) as a result of the interaction between the PUM User and the Managed Server.

    PUM Session Log

  • An Access Server Log is a record of all the activity that is conducted through a specific Access Server and which is not included in a Session Log.  It keeps a log of when the Access Server was started, Session requests that were started or rejected, Sessions that were ended, failed attempts to login to the Access Server, connections to the Audit Servers, and any service messages relevant to the other servers with which this Access Server is communicating.
  • An Audit Server Log is a record of all the activity that is conducted through a specific Audit Server and which is not included in a Session Log.  It keeps a log of when the Audit Server was started, and any service messages relevant to the other servers with which this Audit Server is communicating.
  • A Database Log is a record of all activity in the PUM database instigated by the configuration of PUM objects by PUM Administrators.  Information recorded includes all additions, deletions and updates of objects.  The information retained includes a record of both the old and the new value for updated objects.

Command-line utilities are provided for backup, archiving and export of clear text versions of the audit trails to a relational database for reporting purposes.  Audit trails may be viewed by PUM Administrators with the appropriate rights using the PUMAdmin web UI and through the PUMService web services.

The screenshot above is of an example Session Log.