Established Member.. TRIMCat

TRIM 7.34: Scripting of Automated Processing of Logs into TRIM (Audit, Event Processing, etc)

I understand that best practice is for Audit Logs to be saved in TRIM, which makes sense to me, since having a records management system is only as good as the administration of that system.

This is an important process to be able to contribute to trust in the TRIM system to provide evidence of reliable system administration to support records provision in legal matters.

Secondly, this provides raw data for a group of people to assess without having to log into servers.

Does anyone have a script they'd like to share that would automate this process?

One of the key parts of this script would be in knowing when to transfer the log (i.e. when the system has finished using it), and to have this transfer done as soon as is reasonably possible after that point.

I imagine TRIM Document Queues would also be used; as such, ideally it would be highlighted, or have a warning alarm triggered, in the event that the process no longer works. The simplest reliable trigger I could think of is "if $LogFileDirector/y/ies* contain > 2 files in (or over a certain size, equivalent to 2 or more log files), email x."

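
One way to script the hand-off asked about in the question above, as an added example that is not from any poster in this thread or from the TRIM product: it treats the newest file as still in use, moves older quiet logs to a drop folder with a SHA-256 manifest, and raises the "more than 2 files" alarm. The `*.log` pattern, the 15-minute quiet period, the drop folder (which a TRIM Document Queue or a separate log server would watch) and all function names are assumptions.

```python
import hashlib
import shutil
import time
from pathlib import Path

MAX_BACKLOG = 2          # the post's trigger: more than 2 files waiting
QUIET_SECONDS = 15 * 60  # assumption: a log untouched this long is closed


def sha256_of(path):
    """Hash a file in chunks so large logs are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def finished_logs(log_dir, now=None):
    """Return logs the writer appears to be done with, oldest first.

    The newest file is always treated as still in use; older files must
    also have been quiet for QUIET_SECONDS.
    """
    now = time.time() if now is None else now
    logs = sorted(Path(log_dir).glob("*.log"), key=lambda p: p.stat().st_mtime)
    return [p for p in logs[:-1] if now - p.stat().st_mtime >= QUIET_SECONDS]


def sweep(log_dir, drop_dir, manifest, now=None):
    """Move finished logs to drop_dir; append 'hash  name' to the manifest."""
    drop = Path(drop_dir)
    drop.mkdir(parents=True, exist_ok=True)
    moved = []
    for log in finished_logs(log_dir, now):
        digest = sha256_of(log)  # hash taken before the file leaves the server
        shutil.move(str(log), str(drop / log.name))
        with open(manifest, "a", encoding="utf-8") as out:
            out.write(f"{digest}  {log.name}\n")
        moved.append(log.name)
    return moved


def backlog_alert(log_dir):
    """Return a warning string when transfers have stalled, else None."""
    waiting = sorted(p.name for p in Path(log_dir).glob("*.log"))
    if len(waiting) > MAX_BACKLOG:
        return f"{len(waiting)} logs waiting in {log_dir}: {', '.join(waiting)}"
    return None
```

Run `sweep` and then `backlog_alert` from a scheduled task, and send any returned warning to the mailbox that should hear about a stalled transfer.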
Micro Focus Expert

Re: TRIM 7.34: Scripting of Automated Processing of Logs into TRIM (Audit, Event Processing, etc)

It's not necessarily best practice; you can store them wherever you like.

The pros of adding to TRIM are that it removes the files from the WGS and adds them to the file server.

You can add security to limit the access to only certain users (including limiting access from the TRIM administrators).

Also, just a point about your forum posts: you've been posting a lot recently, which is great, we like users getting involved. But it would be good to see some love back for those that help you out.

If you get a solution, then mark that response as the solution. This helps those with the same problem easily find the right answers.

If you liked someone's response then give them a 'kudos'.

**Any opinions expressed in this forum are my own personal opinion and should not be interpreted as an official statement on behalf of Micro Focus**
Absent Member.. Ralf_Wegener

Re: TRIM 7.34: Scripting of Automated Processing of Logs into TRIM (Audit, Event Processing, etc)

In addition to Greg's response, below are a few links on this forum that perhaps may assist based on past questions posted by you.

- http://h30499.www3.hp.com/t5/Client-Support/TRM-7-34-Security-Appropriate-Method-for-TES/m-p/6554954#M3861
- http://h30499.www3.hp.com/t5/HP-Records-Manager-and-HP-TRIM/TRIM-7-34-Error-Logs-Hard-to-Decipher-Generic-Logging-Under/m-p/6534278#M4305

btw, audit logs are written to file daily on the workgroup server processing audit log event type.


**My opinions are my own personal opinions.**


kapish.com.au
Rich_Kid Absent Member.

Re: TRIM 7.34: Scripting of Automated Processing of Logs into TRIM (Audit, Event Processing, etc)

I would never store the Audit Logs for a system within the same system.

Essentially you need to follow the ISM on this (www.asd.gov.au/infosec/ism)

For privileged users such as Administrators, the TRIM audit event logs are the key control for ensuring that the use of privileged accounts is controlled and auditable. If those logs are put into the same system then the logs can be modified (deleted, replaced etc) by the very privileged users the logs are recording the activities for.

The logs must go to a separate secure server that archives the data in a manner that maintains its integrity.
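
The integrity requirement in the post above can be checked with a hash-chained ledger kept on the separate server, so that modified, deleted or replaced logs show up on verification. This is an added example, not code from the thread, the ISM or TRIM; the ledger layout and function names are assumptions.

```python
import hashlib
from pathlib import Path

GENESIS = "0" * 64  # chain anchor used for the first entry


def link(prev, name, file_hash):
    """Hash of one ledger entry, bound to the entry before it."""
    return hashlib.sha256(f"{prev}|{name}|{file_hash}".encode()).hexdigest()


def append_entry(ledger, path):
    """Record an archived log; ledger is a list of (name, file_hash, link)."""
    name = Path(path).name
    file_hash = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    prev = ledger[-1][2] if ledger else GENESIS
    ledger.append((name, file_hash, link(prev, name, file_hash)))


def verify(ledger, archive_dir):
    """Return a list of findings; an empty list means the archive is intact."""
    findings, prev = [], GENESIS
    for name, file_hash, entry_link in ledger:
        # An edited, inserted or removed entry breaks the chain from here on.
        if link(prev, name, file_hash) != entry_link:
            findings.append(f"ledger altered at {name}")
        prev = entry_link
        stored = Path(archive_dir) / name
        if not stored.exists():
            findings.append(f"missing: {name}")
        elif hashlib.sha256(stored.read_bytes()).hexdigest() != file_hash:
            findings.append(f"modified: {name}")
    return findings
```

Removing entries from the end of the ledger is only detectable if the latest link value is also recorded somewhere the administrators being audited cannot write.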
Absent Member.. Ralf_Wegener

Re: TRIM 7.34: Scripting of Automated Processing of Logs into TRIM (Audit, Event Processing, etc)

TRIM is a records management solution - it captures and audits the trail inline against each record object. Saving the audit log back in TRIM (maintaining data retention/compliance rules) also maintains data integrity just like any other electronic record. Given most organisations perform backups of their information assets hourly, daily, weekly, monthly etc. both to hot and cold backups, then recycle cold backups to tape periodically, I would have thought this achieves the same result.


**My opinions are my own personal opinions.**


kapish.com.au