Concise Logging
Thales’s standard operational logging sends audit messages for each file system operation each time a file is opened, read, updated, or written. Thales’s standard logging can generate high volumes of log data. Most of these messages might not be useful or required by security administrators to monitor file system activity on the system.
Agent log data can be stored on the local host, sent to a syslog server, or uploaded to the Management Console. On an agent system, log entries can flood the local messages file or Event Log. Extreme logging can also affect network performance.
Concise Logging eliminates the following types of messages:
- Duplicate audit messages for each and every block read by the user or application. With Concise Logging, CTE only sends an audit message the first time a user or application performs a read/write activity. Subsequent read/write activity by that user or application is not logged.
- Audit messages that read the attributes, read the basic information of file-set attributes, and other event-based messages.
- Audit messages for directory open, read directory attributes, and directory close.
Configuring Concise Logging for CTE Clients or Client Groups with CipherTrust Manager
You can enable and disable the Concise Logging option from the CipherTrust Manager for the following:
In CipherTrust Manager, when you create a Client Profile, you can select to Enable Concise Logging. Then, you can apply that Client Profile to a specific client, or to all clients in a Client Group.
Considerations
- Concise Logging changes the set of log messages that are sent to Security Information and Event Management (SIEM) software systems. If this results in loss of data required for customer reports, then disable Concise Logging.
- Concise Logging is only supported by CTE secfs.
- Enable and disable Concise Logging on the client, in the Client Profile. CTE applies it for all users of that Client Profile. There is no finer-grained control, such as per GuardPoint, user, or message type.
- Do not use Learn mode with Concise Logging.
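To judge whether the SIEM consideration above affects an existing report or detection, the following added example (not Thales code and not the CTE implementation) models the three suppression rules described on this page over constructed events. The event fields, operation names, paths, and the duplicate key (user, process, path, operation) are assumptions; real CTE audit messages use their own format.

```python
from collections import Counter

# Constructed operation names; real CTE audit messages use their own format.
RW_OPS = {"read", "write"}
ATTR_OPS = {"read_attr", "read_fileset_attr"}
DIR_OPS = {"dir_open", "dir_read_attr", "dir_close"}

def concise_filter(events):
    """Return (kept_events, suppressed_counts) under the modeled rules."""
    seen, kept, suppressed = set(), [], Counter()
    for ev in events:
        op = ev["op"]
        if op in DIR_OPS:
            suppressed["directory"] += 1
        elif op in ATTR_OPS:
            suppressed["attribute"] += 1
        elif op in RW_OPS:
            # Assumption: the page does not state how a duplicate is keyed.
            key = (ev["user"], ev["process"], ev["path"], op)
            if key in seen:
                suppressed["duplicate_rw"] += 1
                continue
            seen.add(key)
            kept.append(ev)
        else:
            kept.append(ev)  # any other message type passes through
    return kept, suppressed

def reads_per_user(events):
    """A volume-based SIEM metric: number of read events per user."""
    return Counter(ev["user"] for ev in events if ev["op"] == "read")

def sample_events():
    """Constructed sample: alice's archive job issues 500 reads, bob reads once."""
    alice = {"user": "alice", "process": "tar", "path": "/gp/db.dat"}
    evs = [{**alice, "path": "/gp", "op": "dir_open"}]
    evs += [{**alice, "op": "read"}] * 500
    evs += [{**alice, "op": "read_attr"}]
    evs += [{"user": "bob", "process": "cat", "path": "/gp/notes.txt", "op": "read"}]
    evs += [{**alice, "path": "/gp", "op": "dir_close"}]
    return evs

if __name__ == "__main__":
    events = sample_events()
    kept, suppressed = concise_filter(events)
    print("reads per user, standard logging:", dict(reads_per_user(events)))
    print("reads per user, concise logging: ", dict(reads_per_user(kept)))
    print("suppressed:", dict(suppressed))
```

In this model both users show a single read after filtering, so a report or alert that depends on read volume per user no longer distinguishes them, while one that only needs to know who touched which file still works.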