Querying the Audit Event Log Data
You can use the ACE Server Component to create an audit trail for all transactions that
the server performs. You can use this system to track usage, security breaches, policy
errors, performance, and so on.
The ACE Server Component Event Logging infrastructure is flexible enough to provide
detailed logging when necessary without degrading system performance.
The event logging mechanism captures enough information to answer the following
questions:
- Who activated an instance?
- When was an instance activated?
- Who revoked an instance?
- Who turned off copy protection policy?
- What changes to policy were made on a particular date?
- Who is failing to authenticate?
The mechanism does not necessarily answer these questions directly, but provides
enough data so that an administrator can view event logs and find answers. The data
being logged meets the following requirements:
- Provides details of each transaction served.
- Centralizes the gathering of event log data when multiple servers are used.
- Provides a means for administrators to select which types of transactions are logged.
- Can be configured to provide more or fewer logs when necessary.
Some of this audit trail is already visible through other features of the product. For
example, the instance viewer displays the date of the last policy get operation, or the
expiration date, and so on. The event logging mechanism can answer more difficult
questions, such as which administrator made which policy changes and which
administrator deleted an ACE instance.
VMware, Inc.
Appendix: Database Schema and Audit Event Log Data