Updated on 2024-05-16 GMT+08:00

Audit and Logging

Audit

A CBH system records audit logs for all operations on users' personal data, including adding, modifying, querying, and deleting data. The logs can be backed up to a remote server or local computer. Users with the audit permission can view and manage logs of user accounts in lower-level departments. The system administrator Admin has the highest permissions and can view and manage operation records of all user accounts used to log in to the CBH system.

In a CBH system, each system user has a unique identifier. After a system user logs in to the CBH system, the CBH system logs their operations and monitors and audits their operations on managed resources based on the unique identifier so that any security events can be discovered and reported in real time.

Table 1 CBH audit functions

Function

Description

System operation audit

All operations in a CBH system are recorded, and alarms are reported for misoperations, malicious operations, and unauthorized operations.

  • System logon logs

Details about a login, including the login mode, system user, source IP address, and login time, are recorded. System login logs can be exported with just a few clicks.

  • System operation logs

All system operation actions are recorded. System operation logs can be exported with just a few clicks.

  • System reports

CBH displays all operation details of users in one place, including user statuses, user and resource creation, login methods, abnormal logins, and session controls.

System reports can be exported with just a few clicks and periodically reported by email.

  • Alarm notifications

You can configure different alarm reporting methods and alarm severity levels for system operation and your application environment so that the CBH system sends alarm notifications by email or system messages as soon as it determines system exceptions and abnormal user operations.

Resource O&M audit

A CBH system records user operations throughout the entire O&M process and supports multiple O&M auditing techniques. It audits user operations, identifies O&M risks, and provides the basis for tracing and analyzing security events.

  • Audit techniques

Linux command audits

For command operations through character-oriented protocols (such as SSH and Telnet), a CBH system records the entire O&M process, parses operation commands, reproduces operation commands, and quickly locates and replays operations using keywords in input and output results.

  • Windows operation audit

For operations on terminals and applications through graphics protocol (such as RDP and VNC), the CBH system records all remote desktop operations, including keyboard actions, function key operations, mouse operations, window instructions, window switchover, and clipboard copy.

  • Database command audit

For command operations through database protocols (such as DB2, MySQL, Oracle, and SQL Server), the CBH system records the entire process from single sign-on (SSO) to database command operations, parses database operation instructions, and reproduces all operating instructions.

  • File transfer audits

For file transfer operations through file transfer protocols (such as FTP, SFTP, and SCP), the CBH system audits the entire file transfer process on web browsers or clients, and records the names and destination paths of transferred files.

  • O&M audit methods

Real-time monitoring

Ongoing O&M sessions can be monitored, viewed, and terminated.

  • History logs

All O&M operations are recorded and history session logs can be exported with just a few clicks.

  • Session videos

Linux commands and Windows operations can be recorded by video recordings.

Video recordings can be downloaded with just a few clicks.

  • Operation reports

CBH uses various reports to display O&M statistics in one place, including O&M action distribution over time, resource access times, session duration, two-person authorization, command interception, number of commands, and number of transferred files.

Operation reports can be exported with just a few clicks and periodically sent by email.

  • Log Backup

CBH allows you to back up history session logs to a remote Syslog server, FTP/SFTP server, and OBS bucket for disaster recovery.

Logging

CBH supports managing password change logs and command execution logs and viewing system logs and audit logs.

CBH had interconnected with Log Tank Service (LTS) for log collection, analysis, and storage. You can use LTS to efficiently perform device O&M management, service trend analysis, and security monitoring and audit.

For details about LTS and how to enable LTS, see "Configuring LTS for CBH".

Log Records

A CBH system records audit logs for all operations on users' personal data, including adding, modifying, querying, and deleting data. The logs can be backed up to a remote server or local computer. Users with the audit permission can view and manage logs of user accounts in lower-level departments. The system administrator Admin has the highest permissions and can view and manage operation records of all user accounts used to log in to the CBH system.