| |
Because the server records audit information in separate container and volume audit files, audit responsibilities can be allocated to multiple auditors so that each auditor has responsibility for one or more audit trails.
Dividing auditing responsibilities works very well for auditing NDS containers. Container objects are commonly set up to reflect the structure of an organization. For example, in Figure 2, each container object can be separately audited by a different auditor.
Thus, a member of the sales organization can audit the Organizational Unit OU=SALES.O=ACME, while a member of the engineering organization can audit the OU=ENGR.O=ACME container. Similarly, the organization responsible for each server can assign an independent auditor for the individual volume audit trails on that server.
NOTE: The division of auditing responsibilities among multiple, isolated auditors means that an individual auditor will not have access to supporting audit information in other audit trails. For example, if you are the auditor of the SYS: volume audit trail, but do not have access to other container and volume audit trails, you cannot track a user's activities throughout NDS and other volumes. To audit the overall network system, at least one auditor must have rights to all audit trails.
The existing AUDITCON utility described in this section does not provide a means for correlating multiple volume and container audit trails, or for correlating the servers' audit trails with clients' external audit trails. Correlation of multiple audit trails must be performed manually. One way is to generate individual printed audit reports for each desired volume or container, and then merge or sort the various reports into a single trail.
| |