| |
To provide continuous audit protection, you must ensure that a copy of your current audit configuration is available and can be reinstalled if the online audit configuration is lost. This involves a combination of automatic mechanisms, backup software, and manual procedures.
The Audit Policy property of the Audit File object contains all of the audit configuration data for container audit trails, much of the audit configuration data for volume audit trails, and all of the audit configuration data held by the server about external audit trails.
This includes the audit file size rollover options, and a map of audited volume and container events. Because the Audit File object is an NDS object, it is automatically replicated to storage on other servers when you create or modify the Audit File object.
The Audit File object for an external audit trail does not contain client-specific information, such as what audit events are preselected by the client Network Trusted Computing Base.
In addition, you can run SBACKUP to back up the Audit File object and its properties. Refer to Backing Up Data for more information about backing up NDS. NDS backups are intended only for recovery from catastrophic losses of NDS; the primary backup mechanism is the replication of the NDS database onto multiple servers.
WARNING: SBACKUP and its Target Service Agents (TSAs) do not back up volume and container audit files. If you want to recover audit files after a server crash, you must manually back up audit files using AUDITCON or another utility.
SBACKUP and its TSAs do not back up audit preselection flags for files, directories, or users. If you audit specific files/directories or users, you must manually log that audit configuration. Otherwise, you won't be able to restore the desired audit configuration after recovering from a backup.
| |