iChain 2.2 with Support Pack 2 includes NSure Audit functionality. This section describes how to enable the logging feature within iChain, as well as a description of the events that are available to be logged.
The Nsure Audit configuration functionality is managed through the iChain Command Line Interface (CLI). The configuration can be set and viewed using get log and set log commands. The following two tables list the commands and events.
help get log |
Lists a description of the get log command |
get log |
Lists the available events along with whether they are enabled. |
help set log |
Lists a description of the set log command. |
set log <event> = <yes|no> |
Activates or deactivates a given event. For example, "set log AuthSuccess = yes" will turn on the event that notifies when a successful authentication has occurred. |
set log all = <yes|no> |
Activates or deactivates all events. |
set log server address = <ip address> |
Configures the IP address of the Nsure Audit server. For example, set log server = 151.155.115.155. |
set log server port = <port> |
Configures the port number of the Nsure Audit server. By default, the port number is 289. |
set log server port = default |
Configures iChain to use the default port number of the Nsure Audit server (289). |
NSure Audit provides tools to view the events generated by iChain. NSure Audit requires an LSC file that describes the schema associated with the events generated by each product that is instrumented for NSure Audit. The LSC file for iChain is included in the installation of NSure Audit, and will be installed as part of that system.
AuthSuccess |
A user has successfully authenticated to iChain. |
AuthFailed |
A user has failed to authenticate to iChain. |
IntruderLockout |
A user has tripped the intruder lockout by failing to authenticate multiple times (as defined in eDirectory). |
AccessAllowed |
Access control has allowed access to a given URL. |
AccessDenied |
Access control has denied access to a given URL. |
CertificateRevoked |
The certificate used for mutual authentication has been revoked. |
NoCRLAccess |
iChain does not have access to the CRL distribution point. |
URLNotFound |
The user tried to access a non-existent URL. |
SystemStarted |
iChain has been started. |
SystemShutDown |
iChain has been shut down. |
TimeRestricted |
The user will not have access due to a time restriction. |
OLACParameters |
An OLAC parameter was accessed. |
OLACFailed |
OLAC failed to produce a given parameter. |
FormFillSuccess |
A Form Fill form was successfully filled. |
FormFillFailed |
A Form Fill form was not filled correctly. |
PasswordExpired |
The user's password has expired. |
CertificateExpired |
The certificate used for mutual authentication has expired. |
URLAccessed |
The given URL was accessed. |
IPAccessAttempted |
The user attempted to access a URL that was specified by an IP address instead of the host name configured in iChain. |