en dysant audit log
Data monitoring and security for Lotus Domino platform
1. What is AuditLog in fact?
2. How does it work?
3. Why is it so special?
4. How can it be used?
5. Summary
AuditLog monitors changes appearing in Domino databases while they are used.
What does it mean?
Let’s say we have four types of “objects” in a Domino environment:
Databases
Documents in databases
ACL
Databases’ source code
AuditLog monitors and registers anything that we – users, administrators, developers – can do to these objects!
So when you create, open, modify or delete any of those objects, AuditLog creates a proper log in the logs database.
AuditLog is a kind of Domino server “plug-in”, written in C/C++, that has one job to do: to listen to and log predefined Domino server “sounds”.
Those sounds can be:
A new document in a mail database with the [email protected] address in the “To:” field
John Smith/Company opens the CRM database
Any authorized user modifies the CRM’s ACL
When an object is modified, AuditLog captures and registers all before and after values.
So let’s look at it graphically.
We have a Domino server
And databases on it
And users working with the databases
At the very beginning AuditLog is dumb
We configure it to listen to the previously mentioned sounds
When a predefined sound appears, AuditLog creates a proper log in the logs database and optionally sends a notification to selected users
It needs no modification of database source code to start monitoring any kind of change in any database
You can start monitoring hundreds of databases right now
You can monitor even those databases whose source code is secured
You can monitor not only changes to single documents but also changes made to the database itself, its permissions or even its schema
You want to be notified about any e-mail message your employee John Smith sends to your client – the LotusWise company
All you have to do is configure a Document Monitor in the AuditLog Configuration database, where you select:
Database to be monitored – John Smith’s mail database
Event to be monitored – Create (any new document)
Condition – the word LotusWise in any of the “To:, Bc:, Bcc:” fields of the message form
Person to be notified – yourself
You want to be notified about any modification made to a Lead document in the CRM database where the Price field is greater than 50.000 EUR
All you have to do is configure a Document Monitor in the AuditLog Configuration database, where you select:
Database to be monitored – CRM database
Event to be monitored – Modification
Condition – monitor all fields if the value in the “Price” field is > 50.000
Person to be notified – yourself
The log about such a change will contain both the before and after values
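A minimal model of the Document Monitor behaviour in this CRM scenario, added here as an illustration and not AuditLog's own code or configuration format. The `DocumentMonitor` class, the `audit` function, the `crm.nsf` file name and the field names are assumptions, 50.000 EUR is read as fifty thousand, and matching on either the before or the after state is a choice made by this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class DocumentMonitor:
    """Hypothetical model of one Document Monitor entry, not AuditLog's real format."""
    database: str
    events: set
    condition: Callable[[dict], bool]
    notify: list = field(default_factory=list)

def audit(monitor: DocumentMonitor, database: str, event: str, user: str,
          before: Optional[dict], after: Optional[dict]) -> Optional[dict]:
    """Return a log record when the event matches the monitor, otherwise None."""
    if database != monitor.database or event not in monitor.events:
        return None
    states = [s for s in (before, after) if s is not None]
    # Design choice of this example: match when EITHER state meets the condition,
    # so an edit that drops Price below the threshold is still recorded.
    if not any(monitor.condition(s) for s in states):
        return None
    old, new = before or {}, after or {}
    # Record only the fields whose value actually changed, with both values.
    changes = {
        name: {"before": old.get(name), "after": new.get(name)}
        for name in sorted(set(old) | set(new))
        if old.get(name) != new.get(name)
    }
    return {"database": database, "event": event, "user": user,
            "changes": changes, "notify": list(monitor.notify)}

# Constructed rule mirroring the CRM scenario (file name and field names assumed).
CRM_RULE = DocumentMonitor(
    database="crm.nsf",
    events={"Modify"},
    condition=lambda d: d.get("Form") == "Lead" and d.get("Price", 0) > 50000,
    notify=["yourself"],
)

# Constructed before/after states of one Lead document.
BEFORE = {"Form": "Lead", "Customer": "LotusWise", "Price": 60000}
AFTER = {"Form": "Lead", "Customer": "LotusWise", "Price": 40000}

if __name__ == "__main__":
    print(audit(CRM_RULE, "crm.nsf", "Modify", "John Smith/Company", BEFORE, AFTER))
```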
You want to know who opens the KnowledgeStorm database, how often and when
All you have to do is configure a Database Monitor in the AuditLog Configuration database, where you select:
Database to be monitored – KnowledgeStorm
Event to be monitored – Open
Condition – no condition, every opening is to be captured
Person to be notified – nobody (at the end of the day you will simply review the created logs)
You can export logs to any relational database to analyze them
You want to know who deletes privileges to the ISO database, and when
All you have to do is configure an ACL Monitor in the AuditLog Configuration database, where you select:
Database to be monitored – ISO
Event to be monitored – Delete
Condition – no condition, every deletion is to be captured
Person to be notified – nobody (at the end of the day you will simply review the created logs)
The logs database will also contain the ACL value before deletion
You want to know which developer introduces faulty code into your new project “Business trip requests management” – BTRM
All you have to do is configure a Schema Monitor in the AuditLog Configuration database, where you select:
Database to be monitored – BTRM
Event to be monitored – Create, Modify, Delete
Condition – no condition, every source code event will be captured with before and after value, date and author
Understand who is doing what to your data and when
Monitor your database activities without application modification
Capture, store and report changes in documents, databases, permissions and schemas
Receive instant notifications when key database events occur
Store all audit data in a central repository for easy management and reporting
Comply with audit, security and governance requirements of 21 CFR Part 11, HIPAA, Sarbanes-Oxley, Basel II and the US Patriot Act