How to configure rollover scripts to manage logs and audits

  • 7023283
  • 17-Aug-2018
  • 05-Oct-2020

Environment

Privileged Account Manager 3.5

Situation

How to configure custom Perl scripts to handle rollover operations for audit database files, audit videos and host log files.
Understanding the basic storage maintenance requirements so that the server does not run out of disk space.

Resolution

Rollover and archival procedures are handled through custom Perl scripts in PAM. This accommodates a wide range of security models, retention policies and archival procedures. There are options to configure how often rollover occurs, typically by time (in hours) or by size (in Mb), but the procedure that is actually executed is the custom Perl script provided as the rollover script.

Documentation provides several example rollover scripts that can be used. They can be extended to handle any additional requirements or procedures that are necessary for the organization, such as moving the rolled-over files to an archive location. Alternatively, with these basic rollover procedures in place, custom bash scripts with crontab could handle these files in various ways. If any are developed, please do share with the community in our forums or as a cool tool!

Example rollover scripts can be found below:

Additional Information

For auto-expiration or deletion of audits, there are a few options or paths forward:
  1. Create a simple bash script integrated with crontab to review and expire rolled-over audit logs.
    Note: The rolled-over audits are time-stamped in the filename.

  2. Expand the default audit rollover Perl script to include expiration as well. Please take a look at the following example:
    Example Audit Rollover & Expire Perl Script

  3. A few enhancements have been filed with Engineering for consideration.
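
Option 1 above, as an added example (not from the original article or the product documentation): a cron-driven script that expires rolled-over audit files by the date in their file name. The archive path, the cron schedule, the 90-day retention and the assumption that the first run of digits in the name begins with YYYYMMDD are placeholders to adjust to your installation; GNU date is assumed.

```bash
#!/usr/bin/env bash
# Added example: expire rolled-over audit files by the date stamp in the name.
# ASSUMPTIONS (not from the article): the first run of digits in the file name
# begins with YYYYMMDD, and the archive directory below is a placeholder.

# Print the YYYYMMDD stamp of a file name; print nothing if it has none.
stamp_of() {
    printf '%s\n' "${1##*/}" | sed -n 's/^[^0-9]*\([0-9]\{8\}\).*/\1/p'
}

# expire_audits DIR CUTOFF [delete]
# Lists files in DIR whose stamp is older than CUTOFF (YYYYMMDD) and removes
# them only when the third argument is "delete". Unstamped files (such as the
# live database), directories and symlinks are never touched.
expire_audits() {
    ea_dir=$1 ea_cutoff=$2 ea_mode=${3:-report}
    [ -d "$ea_dir" ] || { echo "no such directory: $ea_dir" >&2; return 2; }
    case $ea_cutoff in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "cutoff must be YYYYMMDD" >&2; return 2 ;;
    esac
    for ea_f in "$ea_dir"/*; do
        [ -f "$ea_f" ] && [ ! -L "$ea_f" ] || continue
        ea_stamp=$(stamp_of "$ea_f")
        [ -n "$ea_stamp" ] && [ "$ea_stamp" -lt "$ea_cutoff" ] || continue
        if [ "$ea_mode" = delete ]; then
            rm -f -- "$ea_f" && echo "expired: $ea_f"
        else
            echo "would expire: $ea_f"
        fi
    done
    return 0
}

# Cron entry point: expire_audits.sh DIR RETENTION_DAYS [delete]
# e.g.  30 2 * * * /usr/local/sbin/expire_audits.sh /path/to/audit/archive 90 delete
if [ "$#" -ge 2 ]; then
    case $2 in ''|*[!0-9]*) echo "RETENTION_DAYS must be a number" >&2; exit 2 ;; esac
    # GNU date syntax: the oldest date that is still kept.
    cutoff=$(date -u -d "-$2 days" +%Y%m%d) || exit 2
    expire_audits "$1" "$cutoff" "${3:-report}"
fi
```

Run it without the third argument first: in that mode it only lists the files it would remove.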