Auditing

Audit logs are an important measure to identify and analyze suspicious activity.

Since anyone with administrator access to the Bravura Security Fabric server can alter or remove audit logs, arrange for a periodic archiving of audit logs to a different server managed by different administrators.

Bravura Security Fabric administrators with appropriate privileges can run operation reports.

As part of the Bravura Security Fabric , the Logging Service (idmlogsvc) manages logging sessions for a particular instance. It captures event messages from Bravura Security Fabric program execution, and writes them to the configured log file (idmsuite.log by default).

The Logging Service (idmlogsvc) also can write to the Windows events logs.

Windows also provides various audit logs through the Event Viewer. And IIS provides configurable logging information with W3C Extended Log File Format.

Ensure you review the logs of your network devices, such as the firewall, regularly.

Accurate logging requires an accurate time stamp. It is recommended that the server set its time using a reliable network time server.

An audit log is only effective if it is examined. Logs provide the best indications of break-ins, fraud and misuse. It is highly recommended that logs be examined regularly.