Change the Audit Log Resilience Levels

On a busy server, the audit log can grow quickly and, in some cases, can exceed the amount of space available for storing the audit data.

The ActivID Appliance might have sufficient data space available to continue its normal operations despite the failure of the audit log.

If the audit log has been overrun because of underestimating the space required for it, certain operations can continue working despite the fact that those calls will not be logged.

When the audit fails (for an authentication or administration operation), ActivID Appliance behavior depends on the configuration of the Resilience to Audit Log Failure properties (ALLOW_XXX_TO_PROCEED_WITHOUT_AUDIT_<DOMAIN>):

  • If the Resilience to Audit Log Failure is allowed:
  1. Write Audit log value to the following file:

    <ACTIVID_HOME>/ActivID_AS/servers/server_<n>/logs/activid-server-audit.log.<domain>

  1. Proceed as normal.

  • If the Resilience to Audit Log Failure is denied:
  1. Write Audit log value to the following file:

    <ACTIVID_HOME>/ActivID_AS/servers/server_<n>/logs/activid-server-audit.log.<domain>

  1. Prevent the operation.

If, during execution of the ActivID Appliance, the audit log begins to fail, use the following procedure to change the Resilience to Audit Log Failure (RALF) settings at runtime.

Note: You can configure this behavior separately for each security domain.
  1. Log on to the ActivID Console and, under Configuration in the left menu, select Applications.

  2. Click Edit Settings for the ActivID Authentication Server in the Applications list.

  3. Select the Audit tab.

  4. For each security domain configured on the ActivID Appliance instance, there are two properties:

    • ALLOW_ADMINISTRATION_TO_PROCEED_WITHOUT_AUDIT_<DOMAIN> - defines if other configuration processes should continue when the audit log has failed.
    • ALLOW_AUTHENTICATION_TO_PROCEED_WITHOUT_AUDIT_<DOMAIN> – defines if authentications are allowed when the audit log has failed.
  5. If you want ActivID Appliance authentication and/or operations to proceed for a specific domain, even when they will not be audited, set the corresponding value to ALLOW.

  6. Note:  
    • By default, both properties are set to DENY so both authentications and other configuration processes will fail if the audit log has failed.

    • As all operations require authentication, ALLOW_AUTHENTICATION must be set to ALLOW if you also set ALLOW_ADMINISTRATION to ALLOW.

  7. Click Save.