2.6.3 Audit Server Configuration
- Yuriy Ostrovskiy (Deactivated)
Hello. In this video, you will learn what an Audit Server is and how to configure it.
The Audit Server is a service that is responsible for processing backend configurations and also for the web interface in ACDI. In order to get to the Audit Server settings, you need to go to “Administration,” then “Audit Server.” Here are tabs with different settings of the Audit Server. Let's go through them one by one.
The settings in this tab include the ID of the ACDI application item, the license you get from SKyPRO, OpenSearch endpoint name, name of the endpoint for open search, and many other service settings.
For example, here you can define the FQDN of ACDI if you want to change it and a path where your export data will be stored. This means that if you have a scheduled report the size will be bigger than the configured limit, it will be stored in a folder set in the “Audit Export data” option.
You can configure a logo of a company in export files maximum as well as the maximum email file size — the size of documents that can be sent via email.
Here are also “Export mail Subject,” ‘Export mail Text,” “Export mail HTML,” and “OpenSearch request size,” which is set by default to 100,000 and can only be extended if you make changes in the appropriate setting in OpenSearch.
The ”Maximum JSON object size” setting with the value in megabytes. Also here, “Amount of worker processes,” postprocessing data lifetime limit in seconds, and “ACDI Node name”: if you have one node, the settings value should be left as it’s set by default but in other cases, you'll need to customize it.
Let’s look at the “External Configurations” settings panel which contains paths to where different ACDI services are located. If you need to move some of those services to another directory or directories, these settings must be changed.
Okay, here is the “ACDI Services List.” AuditProxy is a proxy service.
You can learn about the AuditProxy in the ACDI Core Engine video.
“Audit Report eDir” is a service that makes a snapshot from eDirectory. Next in the row is the “Audit Report AD” which serves as the snapshot service for Active Directory. “Audit Export” processes reports and creates files. “Audit Server” — the one and only service responsible for the ACDI web interface. “OpenSearch,” “OpenSearch Dashboards” and “Audit DirSync.” “Audit DirSync” is a service that collects and processes event data from Active Directory.
Let's go to the next settings tab, namely to the “Day Time format” tab.
Here you can define if you want to get dates in a browser-defined format or you can set a time zone for the frontend web interface. You see it in Dashboards, Time Machine, and other ACDI service tabs where dates with time zones are used. Basically, that’s all for this settings tab.
These settings are of extreme importance because each one of them contains the so-called - templates and rollovers for indices where the snapshot and audit data are stored.
The settings in this tab mirror the settings in Core Engine — “LDAP Connections”.
Here you can see that an index has its own unique name, you can configure a type of directory used - eDirectory or Active Directory and other settings for each type of indices: for report indices which contain aliases used for reading and searching data.
Okay, you see here “write-report-default-” and it’s a pattern for writing. “The key attribute” is used for linking objects with audit data. Finally, “Report Index Day-Time pattern”.
You can define a time zone for each date-time field you use. These settings will affect dates displayed in Time Machine.
There are also “Service Attributes (List of additional attributes)” that are not received from eDirectory or Active Directory, must be requested additionally, and will be removed in the Time Machine.
Let's go to the Time Machine to gain a deeper insight into additional attributes. So, eDirectory is your index source. You see a list of snapshots on this page.
Okay, let's move to History Browser, select a random object and the date & time you see here will be affected by the time zone set in the “Service Attributes (List of additional attributes)” settings in Audit Server.
If you click “Show Service Attributes,” you’ll get to see additional attributes used by ACDI for internal purposes.
This tab contains a list of endpoints used by ACDI. Here you can approve or forbid access to endpoints for different roles.
For example, let’s assume you want to limit access to the History Browser or to the object compare option, you can remove managers from this list which will mean the following: if users with the role “managers” try to get to the History Browser, this attempt will be forbidden and declined.
Next, you have here three options: “Reports Menu,” “Dashboards Menu” and “Home Page Cards” are the settings whose configuration will affect the ACDI web interface.
“Reports Menu” is a list of submenus you have in “Reports”.
Let's add a submenu here: name it “custom”. It will contain and show you all reports which have the tag “custom”. And this submenu will be visible. Click “Save” and then refresh the page.
In “Reports” you see now your “custom” submenu and it has a few custom reports in it.
The same applies to the “Dashboards Menu”.
“Home Page Cards” is a list of cards you have on the ACDI home page like dashboards, reports, time machine, etc.
Of course, you can edit the existing cards or add new ones if you need to. Furthermore, the CSS styling, path to an image, background color, and text can be defined as well as a URL path can be added from a list where you will be forwarded on click.
Let’s go to the next tab — Miscellaneous AuditServer settings which contains a setting for configuring the width of the ACDI menu on your left. So, that’s it — Audit Server in ACDI.
Thank you for your attention and take care.
Should you have any questions or require any assistance, please do not hesitate to contact us at any time swsupport.skypro@skypro.ch