Audit and Logging

System operation audit

All operations in a CBH system are recorded, and alarms are reported for misoperations, malicious operations, and unauthorized operations.

• System logon logs

Details about a login, including the login mode, system user, source IP address, and login time, are recorded. System login logs can be exported with just a few clicks.

• System operation logs

All system operation actions are recorded. System operation logs can be exported with just a few clicks.

• System reports

CBH displays all operation details of users in one place, including user statuses, user and resource creation, login methods, abnormal logins, and session controls.

System reports can be exported with just a few clicks and periodically reported by email.

• Alarm notifications

You can configure different alarm reporting methods and alarm severity levels for system operation and your application environment so that the CBH system sends alarm notifications by email or system messages as soon as it determines system exceptions and abnormal user operations.

Resource O&M audit

A CBH system records user operations throughout the entire O&M process and supports multiple O&M auditing techniques. It audits user operations, identifies O&M risks, and provides the basis for tracing and analyzing security events.

• Audit techniques

Linux command audits

For command operations through character-oriented protocols (such as SSH and Telnet), a CBH system records the entire O&M process, parses operation commands, reproduces operation commands, and quickly locates and replays operations using keywords in input and output results.

• Windows operation audit

For operations on terminals and applications through graphics protocol (such as RDP and VNC), the CBH system records all remote desktop operations, including keyboard actions, function key operations, mouse operations, window instructions, window switchover, and clipboard copy.

• Database command audit

For command operations through database protocols (such as DB2, MySQL, Oracle, and SQL Server), the CBH system records the entire process from single sign-on (SSO) to database command operations, parses database operation instructions, and reproduces all operating instructions.

• File transfer audits

For file transfer operations through file transfer protocols (such as FTP, SFTP, and SCP), the CBH system audits the entire file transfer process on web browsers or clients, and records the names and destination paths of transferred files.

• O&M audit methods

Real-time monitoring

Ongoing O&M sessions can be monitored, viewed, and terminated.

• History logs

All O&M operations are recorded and history session logs can be exported with just a few clicks.

• Session videos

Linux commands and Windows operations can be recorded by video recordings.

Video recordings can be downloaded with just a few clicks.

• Operation reports

CBH uses various reports to display O&M statistics in one place, including O&M action distribution over time, resource access times, session duration, two-person authorization, command interception, number of commands, and number of transferred files.

Operation reports can be exported with just a few clicks and periodically sent by email.

• Log Backup

CBH allows you to back up history session logs to a remote Syslog server, FTP/SFTP server, and OBS bucket for disaster recovery.