Table of Contents
Advertisement
eventUID INTEGER,
eventTs VARCHAR(21),
loginName VARCHAR(128),
aceUID VARCHAR(128),
packageUID VARCHAR(128),
instanceUID VARCHAR(128),
policyVersion INTEGER,
eventCategory INTEGER,
eventType INTEGER,
sessionID VARCHAR(128),
clientIP VARCHAR(128),
serverIP VARCHAR(128),
turnaroundTime VARCHAR(21),
handlerName VARCHAR(128),
returnCodeText VARCHAR(128),
messageParams VARCHAR(1024),
prevEventUID INTEGER UNIQUE,
eventSignature VARCHAR(128),
FOREIGN KEY(eventType) REFERENCES PolicyDb_EventType(eventType),
FOREIGN KEY(prevEventUID) REFERENCES PolicyDb_Event(eventUID),
PRIMARY KEY (eventUID));
Querying the Audit Event Log Data
You can use the ACE Server Component to create an audit trail for all transactions that the server performs.
You can use this system to track usage, security breaches, policy errors, performance, and so on.
The ACE Server Component Event Logging infrastructure is flexible enough to provide detailed logging when
necessary, without overwhelming the system by slowing performance.
The event logging mechanism captures enough information to answer the following questions:
Who activated an instance?
When was an instance activated?
Who revoked an instance?
Who turned off copy protection policy?
What changes to policy were made on a particular date?
Who is failing to authenticate?
The mechanism does not necessarily answer these questions directly, but provides enough data so that an
administrator can view event logs and find answers. The data being logged meets the following requirements:
Provides details of each transaction served.
Centralizes the gathering of event log data when multiple servers are used.
Provides a means for administrators to select which type of transactions are logged.
Can be configured to provide more or fewer logs when necessary.
Some of this audit trail is already visible through other features of the product. For example, the instance
viewer displays the date of the last policy get operation, or the expiration date, and so on. The event logging
mechanism can answer more difficult questions, such as which administrator made which policy changes and
which administrator deleted an ACE instance.
Table
A‐1 describes the data that is stored in a log entry.
Table A-1. Log Entry Data
Data
Audit log event ID (PK)
Log timestamp
VMware, Inc.
/* Primary key of the table (sequential) */
/* Timestamp of the event creation in uSec */
/* Login user name of the actor */
/* UID of the ACE affected by event */
/* UID of the package affected by event */
/* UID of the instance affected by event */
/* Version of ACE policy affected by event
/* Event Category as defined in EventType
/* Event Type as defined in EventType */
/* Ace Server Session ID */
/* IP Address of the client machine (resvd) */
/* IP Address of the Ace Server (reserved)
/* Server-side execution time in ms */
/* Name of the ClientLib handler (debug) */
/* Text error code returned to the client */
/* Tab separated list of event data */
/* UID of the previous recorded event */
/* Event signature, signed with server key
Description
An incrementing integer
In microseconds from 12:00 a.m. 01/01/1970,
stored as a decimal string
Appendix: Database Schema and Audit Event Log Data
*/
*/
*/
*/
59
Advertisement
Table of Contents
