Categories And Audit Events That Hdlm Can Output To The Audit Log - Hitachi XP P9500 User Manual

Category
ContentAccess
ConfigurationAccess
Maintenance
AnomalyEvent
The categories of audit log data that can be collected differ depending on the product.
The following sections explain only the categories of audit log data that can be
collected by HDLM. For the categories of audit log data that can be collected by a
product other than HDLM, see the corresponding product manual.
2.12.1 Categories and Audit Events that HDLM Can Output to the
Audit Log
The following table lists and explains the categories and audit events that HDLM can
output to the audit log. The severity is also indicated for each audit event.
An event indicating that an attempt to access critical data has succeeded or
failed, including:
• Access to a critical file on a NAS or content access when HTTP is
supported
• Access to the audit log file
An event indicating that a permitted operation performed by the administrator
has terminated normally or failed, including:
• Viewing or updating configuration information
• Updating account settings, such as adding and deleting accounts
• Setting up security
• Viewing or updating audit log settings
An event indicating that a maintenance operation has terminated normally or
failed, including:
• Adding or removing hardware components
• Adding or removing software components
An event indicating an abnormal state such as exceeding a threshold,
including:
• Exceeding a network traffic threshold
• Exceeding a CPU load threshold
• Reporting that the temporary audit log data saved internally is close to its
maximum size limit or that the audit log files have wrapped back around
to the beginning
An event indicating an occurrence of abnormal communication, including:
• A SYN flood attack or protocol violation for a normally used port
• Access to an unused port (such as port scanning)
2. HDLM Functions
Explanation
45