Enable EGO event logging for auditing purposes

You must be a cluster administrator to perform this task. For multi-host clusters or UNIX installations, you must have previously run egoconfig mghost shared_dir during the installation.

EGO monitors and logs security-sensitive events related to EGO services and to host, user, and consumer containers. By default, auditing of these events is disabled. To collect information to better monitor system security, enable logging by configuring the ego.conf, egosc.conf.xml, and rs.xml files.

Note the following:
  • Audit logs can be enabled independently of each other.

  • For multi-host clusters, configure files from within the shared directory, not the local directory (local directory configurations are ignored). For single-host Windows clusters, you can configure local files.

    Important:

    UNIX installations require a shared directory.

  • Only master hosts perform audit logging; compute hosts do not normally have access to the shared locations where configuration files are stored. You never need to enable audit logging (configure files) on compute hosts.

  1. To enable logging for auditing of core EGO functions (for example, security):
    1. Open ego.conf.
      • On Windows: $EGO_CONFDIR\ego.conf

      • On Linux: $EGO_CONFDIR/ego.conf

    2. Turn on EGO audit logging by adding the following parameter:

      EGO_AUDIT_LOG=Y

    3. At this time, you may also want to define an audit log directory by configuring the EGO_AUDIT_LOGDIR parameter. This is the default directory location and name:
      • On Windows: EGO_AUDIT_LOGDIR=$EGO_CONFDIR\audits

      • On Linux: EGO_AUDIT_LOGDIR=$EGO_CONFDIR/audits

      Note:

      You can change the name, but the location must be a shared directory; ensure there are no spaces in the directory name.

      Once defined, the vemkd and egosc daemons automatically create the directory.

    4. Save and close the file.

      Note that there is no automatic file roll-over or audit log cleanup. Ensure that you manually manage the file size.

  2. To enable audit logging for the service controller:
    1. Open egosc.conf.xml.
      • On Windows: EGO_TOP\eservice\esc\conf\egosc.conf.xml

      • On Linux: EGO_TOP/eservice/esc/conf/egosc.conf.xml

    2. Turn on the EGO service controller log (egoservice.audit.log) by adding the following element:

      <ESC_AUDIT_LOG>ON</ESC_AUDIT_LOG>

    3. Save and close the file.
  3. To enable audit logging for the repository service:
    1. Open rs.xml.
      • On Windows: EGO_TOP\eservice\esc\conf\services\rs.xml

      • On Linux: EGO_TOP/eservice/esc/conf/services/rs.xml

    2. Turn on the repository service audit log by adding the following element:

      <ego:EnvironmentVariable name="RS_AUDIT_LOG">ON</ego:EnvironmentVariable>

      Note:

      The default setting is OFF. The setting is case sensitive.

      The RS logs information into the configured audit log directory, as specified by the parameter EGO_AUDIT_LOGDIR defined in ego.conf. If this parameter is not found or defined, the RS logs to this directory:

      • On Windows: EGO_TOP\audits

      • On Linux: EGO_TOP/audits

    3. Save and close the file.
    4. Stop the RS service.

      egosh service stop RS

  4. Restart EGO on the master host.

    egosh ego restart

    EGO restarts any currently stopped services. Changes made to stopped services now take effect.
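
The following script is an added example, not part of the product or its documentation. It checks, on a Linux master host, that the three settings from steps 1 to 3 are present, that RS_AUDIT_LOG uses the exact case ON, and that EGO_AUDIT_LOGDIR contains no spaces. The function names check_ego_audit and demo are hypothetical, and the script assumes ego.conf holds plain KEY=VALUE lines and that each XML element sits on one line as shown above.

```shell
# Added example: verify the audit settings from steps 1-3 (Linux layout).
# Usage: check_ego_audit <EGO_CONFDIR> <EGO_TOP>; exit status = number of findings.
check_ego_audit() {
  local confdir="$1" top="$2" findings=0 logdir
  local ego_conf="$confdir/ego.conf"
  local sc_conf="$top/eservice/esc/conf/egosc.conf.xml"
  local rs_conf="$top/eservice/esc/conf/services/rs.xml"

  # Step 1: an uncommented EGO_AUDIT_LOG=Y line in ego.conf.
  if ! grep -Eq '^[[:space:]]*EGO_AUDIT_LOG=Y[[:space:]]*$' "$ego_conf" 2>/dev/null; then
    echo "FAIL: EGO_AUDIT_LOG=Y not set in $ego_conf"; findings=$((findings + 1))
  fi
  # Step 1, optional EGO_AUDIT_LOGDIR: the directory name must not contain spaces.
  logdir=$(sed -n -e 's/[[:space:]]*$//' \
                  -e 's/^[[:space:]]*EGO_AUDIT_LOGDIR=//p' "$ego_conf" 2>/dev/null | tail -n 1)
  case $logdir in
    *' '*) echo "FAIL: EGO_AUDIT_LOGDIR contains a space: $logdir"; findings=$((findings + 1)) ;;
  esac
  # Step 2: service controller audit log element in egosc.conf.xml.
  if ! grep -q '<ESC_AUDIT_LOG>ON</ESC_AUDIT_LOG>' "$sc_conf" 2>/dev/null; then
    echo "FAIL: ESC_AUDIT_LOG is not ON in $sc_conf"; findings=$((findings + 1))
  fi
  # Step 3: repository service; the value is case sensitive, so only ON counts.
  if ! grep -q '<ego:EnvironmentVariable name="RS_AUDIT_LOG">ON</ego:EnvironmentVariable>' \
       "$rs_conf" 2>/dev/null; then
    echo "FAIL: RS_AUDIT_LOG is not ON in $rs_conf"; findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ] && echo "OK: all three audit logs are enabled"
  return "$findings"
}

# Constructed sample tree (not real cluster files): RS_AUDIT_LOG is set in the
# wrong case, so exactly one finding is expected.
demo() {
  local d rc
  d=$(mktemp -d)
  mkdir -p "$d/conf" "$d/top/eservice/esc/conf/services"
  printf 'EGO_AUDIT_LOG=Y\nEGO_AUDIT_LOGDIR=/shared/ego/audits\n' > "$d/conf/ego.conf"
  echo '<ESC_AUDIT_LOG>ON</ESC_AUDIT_LOG>' > "$d/top/eservice/esc/conf/egosc.conf.xml"
  echo '<ego:EnvironmentVariable name="RS_AUDIT_LOG">on</ego:EnvironmentVariable>' \
    > "$d/top/eservice/esc/conf/services/rs.xml"
  check_ego_audit "$d/conf" "$d/top"; rc=$?
  rm -rf "$d"
  return "$rc"
}

demo || echo "findings: $?"
```

On a real master host, pass the values of $EGO_CONFDIR and EGO_TOP from the shared directory, since local directory configurations are ignored on multi-host clusters.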