Chapter 17-RMX Administration and Utilities
Auditor
An Auditor is a user who can view Auditor and CDR files for system
auditing purposes.
The Event Auditor enables administrators and auditors to analyze
configuration changes and unusual or malicious activities in the RMX
system.
Auditor operates in real time, recording all administration activities and
login attempts from the following RMX modules:
• Control Unit
• Shelf Manager
For a full list of monitored activities, see Table 16-4 on page 16-101 and
Table 16-5 on page 16-103.
The Auditor must always be active in the system. A System Alert is
displayed if it becomes inactive for any reason.
The Auditor tool consists of the Auditor Files and the Auditor File
Viewer, which enables you to view the Auditor Files.
Auditor Files
Auditor Event History File Storage
All audit events are saved in real time to a buffer file on the hard disk
and then written to an uncompressed XML file on the hard disk.
A new current auditor event file is created when:
• the system is started
• the size of the current auditor event file exceeds 2 MB
• the current auditor event file’s age exceeds 24 hours
Up to 1000 auditor event files are stored per RMX. These files are retained
for at least one year and require 1.05 GB of disk space. The files are
automatically deleted by the system (oldest first) when the system reaches
the auditor event file limit of 1000.
A System Alert with "Can't store data" in its Description field is
displayed if:
• the system cannot store 1000 files
• the RMX does not have available disk space to retain files for one year
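The rotation and retention limits above interact: when audit volume is high, the 2 MB trigger fires long before the 24-hour one, and the 1000-file cap then covers less than a year. The following Python model is an added example, not code from the RMX or its documentation; the function names, the hourly workload and the rule that a file's age is checked when the next event arrives are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Limits stated on this page.
MAX_FILE_BYTES = 2 * 1024 * 1024     # new file once the current one exceeds 2 MB
MAX_FILE_AGE = timedelta(hours=24)   # new file once the current one is older than 24 h
MAX_FILES = 1000                     # oldest files are deleted beyond this count
TARGET = timedelta(days=365)         # files should be retained for at least one year

def rotate(events, restarts=()):
    """Model the three rotation triggers (assumed to be checked per event).

    events:   (timestamp, size_in_bytes) tuples in time order (constructed input).
    restarts: timestamps at which the system was started.
    Returns one dict per auditor event file, oldest first.
    """
    pending = sorted(restarts)
    files, cur = [], None
    for ts, size in events:
        restarted = False
        while pending and pending[0] <= ts:
            pending.pop(0)
            restarted = True
        if (cur is None or restarted
                or cur["bytes"] > MAX_FILE_BYTES
                or ts - cur["opened"] > MAX_FILE_AGE):
            cur = {"opened": ts, "bytes": 0}
            files.append(cur)
        cur["bytes"] += size
    return files

def retention_window(files, now):
    """Time span still covered after oldest-first deletion down to MAX_FILES."""
    kept = files[-MAX_FILES:]
    return now - kept[0]["opened"] if kept else timedelta(0)

def hourly(start, hours, size):
    """Constructed workload: one batch of `size` bytes of audit events per hour."""
    return [(start + timedelta(hours=h), size) for h in range(hours)]

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)
    now = t0 + timedelta(days=400)
    for label, size in (("quiet", 500), ("busy", 512 * 1024)):
        window = retention_window(rotate(hourly(t0, 400 * 24, size)), now)
        print(label, window, "OK" if window >= TARGET else "below one year")
```

In this model the quiet workload keeps the full 400 days, while the busy one keeps about 208 days, which is the situation the "Can't store data" alert reports.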