Audit the security server

You enable auditing of the Security Server by monitoring the underlying Windows service which controls the security server, namely: OvSecurityServer.

When you enable auditing for the Security Server, the security server writes entries to the custom application log OvConfigChanges for every change that is made to the configuration of a user role in the user-roles editor. Each entry in the custom application log concerning an audit event for the security server contains the following information in the event header:

• Date:
  The date when the event occurred, for example: "1/23/2004"
• Time:
  The time at which the event occurred, for example: "10:18:52 AM"
• Type:
  The type of event, for example success or failure: This value is always set to the value "Success Audit" for the HPOM for Windows Security Server.
• User:
  The name of the user who called the security-server interface, for example: the user of the MMC console
• Hostname:
  The hostname of the HPOM for Windows management server, on which the event was logged
• Source:
  This value is always set to "OvSecSvr" for the HPOM for Windows Security Server.
• Category:
  This value is always set to "None"
• Event ID:
  A unique identifier for the logged event
• Description:
  A short description of the event, which has been logged, for example:

  (SS74) Message group 'Default' of the role 'PSoft Admin' has been updated, flags enabled: 'Own', 'Disown', 'Acknowledge', 'Unacknowledge', 'Change Severity', 'Change Text', 'Launch Operator Initiated Command', 'Relaunch Automatic Command'.

Related Topics:

• Security audits
• Log files an event sources
• Enable and disable security audits