2.2 Reporting

The following topics make up the reporting stage:

2.2.1 Log Events Within your Code

After you have completed the previous tasks, logging events to the Secure Logging Server is straightforward. You simply initialize a connection to the Platform Agent, then use the LogEvent functions to report your events. See Section 4.0, Functions, and the files contained in the samples folder of this kit for details on implementing event logging in C or Java, and for sample instrumentation.

2.2.2 Configuring the Platform Agent

Each instrumented application on an individual machine uses the same Platform Agent to communicate with the Secure Logging Server. The Platform Agent is configured through a configuration file, in which you specify the IP address of the Secure Logging Server that receives reported events, the location of the event cache used when the Platform Agent cannot connect to the Secure Logging Server, and several other configuration settings.

The location for the configuration file is dependent on the platform. The default locations are as follows:

Table 2-1 lists the parameters contained in this file:

Table 2-1 Platform Agent Configuration File Parameters

Parameter
  Description

LogHost=dns name
  Name or IP address of the Secure Logging Server the Platform Agent should use.

LogCacheDir=path
  The directory where the Platform Agent should store the cached event information if the Primary or Secondary Secure Logging Server becomes unavailable.

LogEnginePort=port
  Port used by the Secure Logging Server to accept data from Platform Agents.

LogCachePort=port
  Port used by the Platform Agent caching mechanism.

LogCacheUnload=Y|N
  Set to N if lcache should not allow unloading.

LogCacheSecure=Y|N
  If the local cache file should be encrypted, this option must be set to Y.

LogReconnectInterval=s
  Interval, in seconds, indicating how often the Platform Agent and the Platform Agent Cache try to reconnect to the Secure Logging Server after the connection is lost.

LogDebug=Never|Always|Server
  Set to Never to never log debug events. Set to Always to always log debug events. Leave out, or set to Server, to use the default setting provided by the Secure Logging Server.

LogSigned=Never|Always|Server
  Set to Never to never sign events. Set to Always to always log events with a signature. Leave out, or set to Server, to use the default setting provided by the Secure Logging Server.

LogMaxBigData=bytes
  Set this value to allow the data field in the event to be larger than the default (3072 bytes). This should be set to the maximum number of bytes that this client allows. Larger data is truncated, or not sent if the application doesn’t allow truncated events to be logged.

LogMaxCacheSize=bytes
  Set to the maximum size in bytes that a cache file will hold.

LogCacheLimitAction=stop logging|drop cache
  The action that you want the cache module to take when it has reached the maximum cache size limit. Set to Stop Logging if you want to stop collecting new events. Set to Drop Cache if you want to delete the cache and start over with any new events that are generated.

ForceServerVersionNumber
  When logging to an Nsure Audit 1.0.x log server, use this parameter to specify the exact version of Nsure Audit so that the Platform Agent can use the correct Secure Logging Server protocol. For example, ForceServerVersionNumber=1.0.2. Indicate the patch level for Nsure Audit 1.0.3 with a “P*” suffix. For example, 1.0.3P1, 1.0.3P2, etc.

2.2.3 Secure Event Logging

An event signature ensures that events received by the Secure Logging Server have not been deleted or modified. Events can be signed and chained by creating a signature consisting of the signature of the preceding event and the event data of the current event. This enables you to ensure that each logged event is received unmodified by the Secure Logging Server and that the entire chain of events is present.

To enable secure event logging, change the LogSigned parameter to Yes in the Platform Agent configuration file. See Section 2.2.2, Configuring the Platform Agent, for more information.
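
The chaining described in this section, as an added example that is not code from this kit: a simplified Python model in which HMAC-SHA256 with a shared key stands in for the product's signature scheme, which the page does not specify. The key, the all-zero starting value, the sample events and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 with a shared key stands in for the product's
# signature scheme, which the page does not specify.
GENESIS = b"\x00" * 32  # assumed "previous signature" for the first event
KEY = b"constructed-demo-key"  # constructed sample key
EVENTS = [b"login user=alice", b"read file=/payroll", b"logout user=alice"]  # constructed


def sign_event(key, prev_sig, event):
    """Sign the preceding event's signature together with this event's data."""
    return hmac.new(key, prev_sig + event, hashlib.sha256).digest()


def build_chain(key, events):
    """Sender side: return [(event, signature), ...], each signature chained."""
    chain, prev = [], GENESIS
    for event in events:
        prev = sign_event(key, prev, event)
        chain.append((event, prev))
    return chain


def verify_chain(key, chain, expected_last=None):
    """Receiver side: index of the first failing record, or None if intact."""
    prev = GENESIS
    for i, (event, sig) in enumerate(chain):
        if not hmac.compare_digest(sign_event(key, prev, event), sig):
            return i
        prev = sig
    # Without expected_last, a chain missing its newest events still verifies.
    if expected_last is not None and not hmac.compare_digest(prev, expected_last):
        return len(chain)
    return None


def demo():
    chain = build_chain(KEY, EVENTS)
    return {
        "intact": verify_chain(KEY, chain),
        "modified": verify_chain(KEY, [chain[0], (b"read file=/tmp/x", chain[1][1]), chain[2]]),
        "deleted": verify_chain(KEY, [chain[0], chain[2]]),
        "tail_lost": verify_chain(KEY, chain[:2]),
        "tail_lost_checked": verify_chain(KEY, chain[:2], chain[-1][1]),
    }


if __name__ == "__main__":
    print(demo())
```

In this model a modified or deleted event breaks verification at the first affected record, while loss of the newest events is only caught when the receiver compares against a last signature it obtained separately.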