Imperva Cyber Community

  • 1.  Audit Logs

    Posted 11-19-2023 08:00

    Hi Team,

    Where do Audit logs get stored?

    Regards,

    Neeraj


    #DatabaseActivityMonitoring

    ------------------------------
    Neeraj Singh Bhoriyal
    Senior Delivery Security Analyst
    Accenture Solutions Pvt. Ltd.
    Bangalore
    ------------------------------


  • 2.  RE: Audit Logs

    Posted 11-20-2023 07:33

    Hello Neeraj,

    Thank you for the post. To answer your query: the audit directory path in SecureSphere is configured by default under var/SecureSphere/audit. This path can be changed when wanting to store audit data in a different location than the default, including on an external volume.

    Sharing the below link for more details on it,

    https://docs.imperva.com/bundle/v14.13-dam-administration-guide/page/6870.htm



    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------



  • 3.  RE: Audit Logs

    Posted 11-21-2023 00:23

    Hi Syed,

    So, they are not stored in Gateway?



    ------------------------------
    Neeraj Singh Bhoriyal
    Senior Delivery Security Analyst
    Accenture Solutions Pvt. Ltd.
    Bangalore
    ------------------------------



  • 4.  RE: Audit Logs

    Posted 11-22-2023 09:43

    Hi Neeraj

    The logs are stored in the gateway; the MX only retrieves the data from the gateway to visualize via the GUI.



    ------------------------------
    Alejandro Hernandez
    Consultant and Trainer
    Soluciones Integrales en Capacitacion SA de CV (SICAP)
    Mexico D.F
    ------------------------------



  • 5.  RE: Audit Logs

    Posted 11-23-2023 01:43

    Hello Neeraj,

    Yes, the logs are stored on the gateway. When you go to audit data and click on view audit, the logs are pulled from the gateway to the MX based on request.



    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------



  • 6.  RE: Audit Logs

    Posted 01-09-2024 23:10

    Hi Imperva Community,

    In our Imperva AWS setup, we can see Audit logs in the Gateways but are not able to view them in the MX Web GUI under Audit->DB audit data.

    This is even though the 2 gateways don't have any storage issue and the Audit policies have event counts listed in the brackets.

    But Violations and alerts can be viewed under the monitoring tab.

    Please advise on the possible issues or missing settings.

    Image with DB Audit data with event counts in each Audit policy:

    Image with specific Audit policy filtered for data view, but no data listed.



    ------------------------------
    Gomathi Dasarathan
    Consultant - Cyber Endpoint Network Security
    NCS Pte. Ltd.
    Singapore
    ------------------------------



  • 7.  RE: Audit Logs

    Posted 01-15-2024 14:51

    I've read all of the responses in this thread, and they're all good and accurate for the OnPremises DAM solution.  I just wanted to share a couple of additional datapoints with you:

    1. If you're leveraging DRA as part of your overall security platform, a meta copy of some of the audit logs also resides on the Analytics Servers for a short period of time.  If you were interested in locations of data in the environment.
    2. Audit data also resides in Audit Archive Files (TGZs), in whatever location the audit archive followed action sends them to.
    3. If you're leveraging Data Secure Fabric (DSF), Sonar, or jSonar, your audit logs should reside on the DSF Hub or Warehouse, and should exist in whatever location your retention policies have specified.  They may be local in DSF, they may be nearby on a NAS or backup, or some of them may be remote on an AWS Glacier.


    I mention that last point in particular because many of Imperva's Data Security customers' licensing now entitles them to use our Data Security Fabric solution, which offers incredible integration capabilities, including an incredibly robust and fast backend for both retention and search.


    So, anytime I hear logs, log locations, retention, archives, etc. brought up in a discussion, I try to see if the customer may already have licensing for Data Security Fabric so that they may dramatically enhance the storage and retention of their data, with automatic retention policies and rotation, and also with audit search capability an order of magnitude faster than querying the multiple Gateways in an Onpremises DAM only environment.


    I really hope that helps.  If you have any questions, please don't hesitate to reach out here, or to your local Imperva team or Imperva Channel Partner.



    ------------------------------
    John Thompson
    Director, Channel Presales
    Imperva
    San Diego CA
    ------------------------------