Where do Audit logs get stored?
Thank you for the post. To answer your query: the audit directory path in SecureSphere is configured by default under var/SecureSphere/audit. This path can be changed if you want to store audit data in a different location than the default, including on an external volume.
Sharing the below link for more details on it,
So, they are not stored in Gateway?
The logs are stored in the gateway; the MX only retrieves the data from the gateway to visualize it via the GUI.
Yes, the logs are stored on the gateway. When you go to audit data and click on view audit, the logs are pulled from the gateway to the MX based on request.
Hi Imperva Community,
In our Imperva AWS setup, we can see Audit logs in the Gateways but are not able to view them in the MX Web GUI under Audit->DB audit data.
This is even though the 2 gateways don't have any storage issue and the Audit policies have event counts listed in the brackets.
But Violations and alerts can be viewed under the Monitoring tab.
Please advise on the possible issues or missing settings.
Image with DB Audit data with event counts in each Audit policy:
Image with specific Audit policy filtered for data view, but no data listed.
I've read all of the responses in this thread, and they're all good and accurate for the On-Premises DAM solution. I just wanted to share a couple of additional datapoints with you:
I mention that last point in particular because many of Imperva's Data Security customers' licensing now entitles them to use our Data Security Fabric solution, which offers incredible integration capabilities, including an incredibly robust and fast backend for both retention and search.
So, anytime I hear logs, log locations, retention, archives, etc. brought up in a discussion, I try to see if the customer may already have licensing for Data Security Fabric so that they may dramatically enhance the storage and retention of their data, with automatic retention policies and rotation, and also with audit search capability an order of magnitude faster than querying the multiple Gateways in an On-Premises DAM-only environment.
I really hope that helps. If you have any questions, please don't hesitate to reach out here, or to your local Imperva team or Imperva Channel Partner.