audit IM Configuration

This article describes how to configure the audit probe.
uimpga-ga
audit_IM
This article describes how to configure the audit probe.
If you need descriptions of the fields in the audit probe GUI, see the article v1.2 audit GUI Reference 
Configuration Overview
The following diagram shows the tasks you should complete to configure the audit probe. 
audit
audit
 
 
3
 
 
Verify Prerequisites
The audit probe requires the appropriate version of the 
compat-libstdc++
 runtime library to be installed on your system. This is required for C++ runtime compatibility. The copy of distribution specific 
compat-libstdc++
 runtime library can be obtained from one of the following links:
Deploy the audit Probe 
After installing CA UIM, the audit probe is available for deployment in the local archive. Before you can begin changing configuration settings, you must deploy and activate the audit probe. 
(Optional) Change the Database Connection 
By default, the audit probe searches for the data_engine probe in your environment and uses its connection string to add items to the UIM database. If you not want UIM administrators to have write access to the audit tables, you can create a separate database and modify the audit connection settings.  
 
Follow these steps:
 
  1.  In the audit probe configuration GUI, click 
    Setup
     ( audit_setup.png ).
  2. In the 
    Database connection 
    section, click 
    Specify database connection information: 
     
  3. Select your database vendor and enter the appropriate connection information. For more information about each field, see the article v1.2 audit GUI Reference.
Apply Auditing to the UIM Robots
Prior to applying auditing to your robots, you might see events originating from the hub probe. These events are inserted by the hub probe and are related to hub login. You can disable these messages by adding the 
audit = off
 key to the 
<hub> 
section of the hub configuration file (
hub.cfg
).
 
Follow these steps: 
 
  1. In the audit probe configuration GUI, click 
    Administer
     ( audit_administer.png ). The
     Audit administration
     dialog opens. 
  2. Click
     Find robots
    , configure your robot search settings, and click 
    OK
    . A list of available robots appears in the Audit administration window. The status of each robot is denoted by the icon next to it:
    •   1912342.png  - The robot does not support auditing.
    •   1912343.png  - The audit probe cannot communicate with the robot. This can occur if the system the robot is deployed to is turned off.
    •   1912344.png  - The robot is being audited.
    •   1912345.png  - The robot is not being audited.
  3. Select the robots you want to audit and click 
    Enable audit
    .
    The Audit administration window supports multi-select using <shift> or <ctrl>.
(Optional) Add Filters
The audit probe comes with a set of standard filters that you can use for your auditing data. If necessary, you can also create your own filters.
 
Follow these steps:
 
  1. In the audit probe configuration GUI, do one of the following:
    • Click 
      New Filter 
      ( audit_filter.png ).
       
       
    • In the list of filters, right-click and select 
      New Filter
      .
       
       
    • In the main window, right-click on an event that you want to filter on and select 
      Create filter
      . This method populates the filter field with the information from the selected event.
  2. Choose the fields that you want to use as filter criteria. Note the following:
    • Filter fields in the same filter use AND criteria.
    • Clicking the small button next to a filter field activates NOT criteria for that field. When NOT criteria is being used, the small button next turns red.
    • For more information about each field, see the article v1.2 audit GUI Reference. 
  3. Click 
    Save as, 
    enter a filter name and group, then click 
    OK
    . If you enter a filter group that does not already exist, a new group folder is created.
The new filter is now available in the left filter pane.
(Optional) Change any Advanced Settings
Advanced configuration options are available in the following locations:
  • The audit probe Infrastructure Manager GUI
  • The audit probe Raw Configure menu in either Admin Console or Infrastructure Manager.
  • The configuration files for each robot (
    robot.cfg
    )
Change the Log File Parameters
You can change both the audit log file size and the level of the alerts that are documented. The default location of the audit log file is
 
<UIM Install>\probes\service\audit.
 
Follow these steps:
 
  1. In the audit probe configuration GUI, click 
    Setup
     ( audit_setup.png ).
  2. In the 
    Log Setup
     section, change the 
    Level
     field desired logging level. The log levels that you can specify are:
    •  
      Level 0 - Fatal
       - Logs severe messages
    •  
      Level 1 - Error
       - Logs errors
    •  
      Level 2 - Warn
       - Logs warnings
    •  
      Level 3 - Info
       - Logs informational messages
    •  
      Level 4 - Debug 
      - Logs debugging messages
    •  
      Level 5 - Trace
       - Logs tracing/low-level debugging messages
  3. Change the
     Size(KB) 
    field to the desired log size in KB.
Change the Data Retention Period and Occurrence Time
By default, the data in the audit tables is stored for 30 days. You can change the retention settings so that your auditing data is kept for a different length of time. You can also change the administration time and interval. During administration time, data in the auditing tables is checked against the set retention period and removed if necessary. 
 
Follow these steps:
 
  1. In the audit probe configuration GUI, click 
    Setup 
    ( audit_setup.png ).
  2. In the 
    Data administration
     
     
    section, change the 
    Drop data after: 
    field to your desired retention period in days. You can select one of the defined values or enter your own.
  3. Change the 
    Administration time
     to the desired time of day and interval length. For example, if you enter 
    03:00:00 interval 24:00:00
    , data administration takes place every day at 3AM. 
     
     
Change the Database Connection Settings
You can specify the following database connection information for the audit probe:
  • the number of simultaneous database connections.
  • the length of time that the database connections are kept open.
 
Follow these steps:
 
  1. Open the Raw Configure menu for the audit probe.
  2. Change the following values:
    •  
      pool_keep_alive 
      -  The length of time the database connection stays open in seconds.
    •  
      threads_query_pool
       - The number of simultaneous connections allowed for the audit probe. Note that new connections are only established when existing connections are in use. For example, if 
      threads_query_pool 
      is set to 5, a 6th request results in an out of resources error.
Change the Auditing Settings in the Robot Configuration File (robot.cfg)
When the audit probe is deployed, an audit configuration key is added to the robot configuration file (
robot.cfg
). Advanced users can alter the values in this field to fine-tune their auditing settings.
Supported Values
The supported values for the audit key are as follows:
  • 5 - Enable auditing and save the messages to a file called 
    audit
     
    .txt
     in the Nimsoft\Robot directory.
  • 6 - Enable auditing and send messages to the message bus using the subject 
    AUDIT
    .
  • 7 - A combination of both 5 and 6.  Enable auditing, send the messages to the message bus, and save the messages to a file.
  • 8 - Enable auditing for robots deployed to hubs with 
    audit=robot 
    in their hub configuration files (
    hub.cfg
    ). 
With the exception of the 8, these values are determined by combining several base options that control auditing behavior:
  • 1 - Audit message are sent to a file called 
    audit.txt
     in the Nimsoft\Robot directory.
  • 2 - Audit messages are sent to the message bus with subject 
    audit
    .
  • 4 - Audit messages are enabled.
For example, the 6 value indicates that base options 4 and 2 are activated.  
You cannot set the value of the audit key to 1,2, or 4. The write settings value (1 or 2) must be combined with the enable auditing base value (4).
The 8 value does not follow this formula, it is a unique value that defers to the hub settings for auditing.