audit log monitoring



boldin
2009-10-18, 16:11
Good day,

I have a new requirement handed down by management that we are required to implement. CP support says that SmartView Monitor cannot produce the desired results, nor can SNMP traps be done for it.

Here's the requirement:


The firewall will immediately alert the administrator(s) by displaying a message at the remote administrative console, generate an alarm or alert, and/or page or send an electronic message if the audit trail meets or exceeds 75 % of the storage capacity of the partition on which it is stored.

My first thought after careful review is - what do they mean by "audit trail?"

Secondly, under the assumption that "audit trail" means just the audit tab entries of administrator activity, could this be done with some sort of cron job script? If so, how would this be accomplished, keeping in mind that none of us have any scripting experience...

Of course alternative ways to meet the requirement would be welcomed as well.

Thank you all,

msjouw
2009-10-18, 17:32
I would indeed say that the audit trail means the audit log.

The audit log is not only a separate tab, it is also a separate file. I do not have the name handy, but this can easily be scripted and run through cron.
I think it's the 3 files starting with adt in $FWDIR/log.

northlandboy
2009-10-18, 18:01
Correct, the audit logs are the *adt* files under $FWDIR/log.

Presumably you're already using some sort of server monitoring system? e.g. OpenView, Zenoss, Tivoli, Big Brother, etc. Disk utilisation is a standard monitoring item - all you need to do is to configure it to alert if /var gets over 75% on your management system.

Generally 75% is a bit low to alert on; with current typical disk capacity, 75% means tens of gigs still available.

boldin
2009-10-18, 18:15
I thought $FWDIR was under the /opt partition?

I'll take a look next time I'm at work...

Thanks.

northlandboy
2009-10-18, 19:19
I thought $FWDIR was under the /opt partition?


Symlinks:


[Expert@FW]# echo $FWDIR
/opt/CPsuite-R70/fw1
[Expert@FW]# cd $FWDIR
[Expert@FW]# ls -ld log
lrwxrwxrwx 1 root root 28 Mar 13 2009 log -> /var/opt/CPsuite-R70/fw1/log
[Expert@FW]#

boldin
2009-10-18, 19:55
Well, as usual my memory failed me again.

opt directory under the var partition...

THANK YOU.
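The cron-driven check discussed in this thread, written out as an added example (not posted by any of the participants): it measures the partition that actually holds $FWDIR/log, which the symlink output above shows is /var, and raises an alert at the 75 % threshold from the requirement. The default FWDIR path, the script name, and the use of logger/mail/wall for the alert are assumptions.

```bash
#!/bin/sh
# Added example: watch the partition holding the Check Point audit log (adt* files
# under $FWDIR/log). Install via cron, e.g.  */15 * * * * /usr/local/bin/auditlog-watch.sh
LOGDIR="${FWDIR:-/opt/CPsuite-R70/fw1}/log"   # assumption: R70 default path if FWDIR is unset
THRESHOLD=75                                  # percent, from the requirement
ALERT_MAIL="${ALERT_MAIL:-}"                  # optional: administrators' address

# Print the used percentage (integer, no '%') of the filesystem that holds $1.
# df follows the symlink, so the /var partition is measured, not /opt.
# -P gives POSIX single-line output; the 5th field is the use%.
usage_pct() {
    df -P "$1" | awk 'NR == 2 { sub("%", "", $5); print $5 }'
}

# True (exit 0) when used% $1 meets or exceeds threshold $2 ("meets or exceeds 75 %").
at_or_over() {
    [ "$1" -ge "$2" ]
}

# Alert text, kept in its own function so it can be checked without alerting.
alert_text() {
    printf 'Audit log partition for %s at %s%% (threshold %s%%)\n' "$1" "$2" "$3"
}

# Alert path: syslog entry (picked up by the monitoring system), broadcast to
# logged-in consoles, and mail if an address is configured (assumes mail/mailx exists).
alert() {
    msg=$(alert_text "$1" "$2" "$3")
    logger -p local0.alert -t auditlog-watch "$msg"
    printf '%s\n' "$msg" | wall 2>/dev/null || true
    if [ -n "$ALERT_MAIL" ]; then
        printf '%s\n' "$msg" | mail -s "Audit log partition alert" "$ALERT_MAIL"
    fi
}

main() {
    pct=$(usage_pct "$LOGDIR") || return 2
    if at_or_over "$pct" "$THRESHOLD"; then
        alert "$LOGDIR" "$pct" "$THRESHOLD"
    fi
}

# Only act when the log directory exists; the functions above stay usable elsewhere.
if [ -d "$LOGDIR" ]; then
    main
fi
```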