Imperva Cyber Community

Hi Team,

Where are Audit logs gets stored ? 

Regards,

Neeraj

#DatabaseActivityMonitoring

------------------------------
Neeraj Singh Bhoriyal
Senior Delivery Security Analyst
Accenture Solutions Pvt. Ltd.
Bangalore
------------------------------

Hello Neeraj,

Thank you for the post, to answer your query.The audit directory path in SecureSphere is configured by default under var/SecureSphere/audit. This path can be changed when wanting to store audit data in a different location than the default, including on an external volume.

Sharing the below link for more details on it,

https://docs.imperva.com/bundle/v14.13-dam-administration-guide/page/6870.htm

------------------------------
Syed Noor Fazal
Product Support Engineer
------------------------------

Original Message:
Sent: 11-19-2023 07:59
From: Neeraj Singh Bhoriyal
Subject: Audit Logs

Hi Team,

Where are Audit logs gets stored ? 

Regards,

Neeraj

#DatabaseActivityMonitoring

------------------------------
Neeraj Singh Bhoriyal
Senior Delivery Security Analyst
Accenture Solutions Pvt. Ltd.
Bangalore
------------------------------

Hi Syed,

So, they are not stored in Gateway?

------------------------------
Neeraj Singh Bhoriyal
Senior Delivery Security Analyst
Accenture Solutions Pvt. Ltd.
Bangalore
------------------------------

Original Message:
Sent: 11-20-2023 07:32
From: Syed Noor Fazal
Subject: Audit Logs

Hello Neeraj,

Thank you for the post, to answer your query.The audit directory path in SecureSphere is configured by default under var/SecureSphere/audit. This path can be changed when wanting to store audit data in a different location than the default, including on an external volume.

Sharing the below link for more details on it,

https://docs.imperva.com/bundle/v14.13-dam-administration-guide/page/6870.htm

------------------------------
Syed Noor Fazal
Product Support Engineer

Original Message:
Sent: 11-19-2023 07:59
From: Neeraj Singh Bhoriyal
Subject: Audit Logs

Hi Team,

Where are Audit logs gets stored ? 

Regards,

Neeraj

#DatabaseActivityMonitoring

------------------------------
Neeraj Singh Bhoriyal
Senior Delivery Security Analyst
Accenture Solutions Pvt. Ltd.
Bangalore
------------------------------

Hi Neeraj

The logs are stored in the gateway, the MX only retrieve the data from the gateway to visualize via GUI

------------------------------
Alejandro Hernandez
Consultant and Trainer
Soluciones Integrales en Capacitacion SA de CV (SICAP)
Mexico D.F
------------------------------

Original Message:
Sent: 11-21-2023 00:23
From: Neeraj Singh Bhoriyal
Subject: Audit Logs

Hi Syed,

So, they are not stored in Gateway?

------------------------------
Neeraj Singh Bhoriyal
Senior Delivery Security Analyst
Accenture Solutions Pvt. Ltd.
Bangalore

Original Message:
Sent: 11-20-2023 07:32
From: Syed Noor Fazal
Subject: Audit Logs

Hello Neeraj,

Thank you for the post, to answer your query.The audit directory path in SecureSphere is configured by default under var/SecureSphere/audit. This path can be changed when wanting to store audit data in a different location than the default, including on an external volume.

Sharing the below link for more details on it,

https://docs.imperva.com/bundle/v14.13-dam-administration-guide/page/6870.htm

------------------------------
Syed Noor Fazal
Product Support Engineer

Original Message:
Sent: 11-19-2023 07:59
From: Neeraj Singh Bhoriyal
Subject: Audit Logs

Hi Team,

Where are Audit logs gets stored ? 

Regards,

Neeraj

#DatabaseActivityMonitoring

------------------------------
Neeraj Singh Bhoriyal
Senior Delivery Security Analyst
Accenture Solutions Pvt. Ltd.
Bangalore
------------------------------

Hello Neeraj,

Yes the logs are stored on the gateway, when you go to audit data and click on view audit, the logs are pulled from the gateway to the MX based on request.

------------------------------
Syed Noor Fazal
Product Support Engineer
------------------------------

Original Message:
Sent: 11-21-2023 00:23
From: Neeraj Singh Bhoriyal
Subject: Audit Logs

Hi Syed,

So, they are not stored in Gateway?

------------------------------
Neeraj Singh Bhoriyal
Senior Delivery Security Analyst
Accenture Solutions Pvt. Ltd.
Bangalore

Original Message:
Sent: 11-20-2023 07:32
From: Syed Noor Fazal
Subject: Audit Logs

Hello Neeraj,

Thank you for the post, to answer your query.The audit directory path in SecureSphere is configured by default under var/SecureSphere/audit. This path can be changed when wanting to store audit data in a different location than the default, including on an external volume.

Sharing the below link for more details on it,

https://docs.imperva.com/bundle/v14.13-dam-administration-guide/page/6870.htm

------------------------------
Syed Noor Fazal
Product Support Engineer

Original Message:
Sent: 11-19-2023 07:59
From: Neeraj Singh Bhoriyal
Subject: Audit Logs

Hi Team,

Where are Audit logs gets stored ? 

Regards,

Neeraj

#DatabaseActivityMonitoring

------------------------------
Neeraj Singh Bhoriyal
Senior Delivery Security Analyst
Accenture Solutions Pvt. Ltd.
Bangalore
------------------------------

Hi Imperva Community,

   In our Imperva AWS setup, Can see Audit logs in Gateways but not able to view in MX Web GUI under  Audit->DB audit data.

Even though the 2 gateways doesnt has any storage issue and the Audit policies has event counts listed in the bracket.

But Violation and alerts are able to view under monitoring tab.

Advise on the possible issues or missing settings.

Image with DB Audit data with event counts in each Audit policy:

Image with specific Audit policy filtered for data view ,but no data listed.

------------------------------
Gomathi Dasarathan
Consultant - Cyber Endpoint Network Security
NCS Pte. Ltd.
Singapore
------------------------------

Original Message:
Sent: 11-23-2023 01:43
From: Syed Noor Fazal
Subject: Audit Logs

Hello Neeraj,

Yes the logs are stored on the gateway, when you go to audit data and click on view audit, the logs are pulled from the gateway to the MX based on request.

------------------------------
Syed Noor Fazal
Product Support Engineer

Original Message:
Sent: 11-21-2023 00:23
From: Neeraj Singh Bhoriyal
Subject: Audit Logs

Hi Syed,

So, they are not stored in Gateway?

------------------------------
Neeraj Singh Bhoriyal
Senior Delivery Security Analyst
Accenture Solutions Pvt. Ltd.
Bangalore

Original Message:
Sent: 11-20-2023 07:32
From: Syed Noor Fazal
Subject: Audit Logs

Hello Neeraj,

Thank you for the post, to answer your query.The audit directory path in SecureSphere is configured by default under var/SecureSphere/audit. This path can be changed when wanting to store audit data in a different location than the default, including on an external volume.

Sharing the below link for more details on it,

https://docs.imperva.com/bundle/v14.13-dam-administration-guide/page/6870.htm

------------------------------
Syed Noor Fazal
Product Support Engineer

Original Message:
Sent: 11-19-2023 07:59
From: Neeraj Singh Bhoriyal
Subject: Audit Logs

Hi Team,

Where are Audit logs gets stored ? 

Regards,

Neeraj

#DatabaseActivityMonitoring

------------------------------
Neeraj Singh Bhoriyal
Senior Delivery Security Analyst
Accenture Solutions Pvt. Ltd.
Bangalore
------------------------------

I've read all of the responses in this thread, and they're all good and accurate for the OnPremises DAM solution.  I just wanted to share a couple of additional datapoints with you:

1. If you're leveraging DRA as part of your overall security platform, a meta copy of some of the audit logs also resides on the Analytics Servers for a short period of time.  If you were interested in locations of data in the environment.
2. Audit data also resides in Audit Archive Files (TGZs), in whatever location the audit archive followed action sends them to.
3. If you're leveraging Data Secure Fabric (DSF), Sonar, or jSonar, your audit logs should reside on the DSF Hub or Warehouse, and should exist in whatever location your retention policies have specified.  They may be local in DSF, they may nearby on a NAS or backup, or some of them may be remote on an AWS Glacier.

.

I mention that last point in particular because many of Imperva's Data Security customers' licensing now entitles them to use our Data Security Fabric solution, which offers incredible integration capabilities, including an incredibly robust and fast backend for both retention and search.

.

So, anytime I hear logs, log locations, retention, archives, etc. brought up in a discussion, I try to see if the customer may already have licensing for Data Security Fabric so that they may dramatically enhance the storage and retention of their data, with automatic retention policies and rotation, and also with audit search capability an order of magnitude faster than querying the multiple Gateways in an Onpremises DAM only environment.

.

I really hope that helps.  If you have any questions, please don't hesitate to reach out here, or to your local Imperva team or Imperva Channel Partner.

------------------------------
John Thompson
Director, Channel Presales
Imperva
San Diego CA
------------------------------

Original Message:
Sent: 11-19-2023 07:59
From: Neeraj Singh Bhoriyal
Subject: Audit Logs

Hi Team,

Where are Audit logs gets stored ? 

Regards,

Neeraj

#DatabaseActivityMonitoring

------------------------------
Neeraj Singh Bhoriyal
Senior Delivery Security Analyst
Accenture Solutions Pvt. Ltd.
Bangalore
------------------------------