The security event logging feature permits Lotus Sametime Unified Telephony to record security administration actions and OAM&P (Operation, Administration, Maintenance and Provisioning) activity originated over CLI (Command Line Interface), SNMP (Simple Network Management Protocol), SOAP/CLI or SOAP/XML interfaces to Lotus Sametime Unified Telephony. It also records OS-level CLI activity.
This feature provides:
- The ability to track down system abusers and hackers who may be involved in system and network intrusions, interruptions, damage and unauthorized configuration changes (for example, to disrupt service or enable toll fraud).
- The ability to investigate recent security-related activity such as the following:
  - Changes to security attributes, services, and access controls, such as successful and unsuccessful changes to user IDs and passwords, and successful and unsuccessful login attempts, logouts, or session terminations (either local or remote), via the security audit trail
  - Recent non-security related OAM&P activity, via the recent change log
This security event log is different from, and is kept completely separate from, the system event log, which logs abnormal runtime activity.
System Specific Information
The security log files are rotated on a daily basis. Archived security log files for the previous 30 days are retained; files older than 30 days are automatically removed.
Although the active security event log files are not encrypted, they are accessible only to CLI users who have the proper authorization. However, these files can be archived to long-term storage as an encrypted file.
SFTP (using IPsec) is used for the secure transfer of the log file data from Lotus Sametime Unified Telephony.
Event Log File Data
The general contents of an event log file are described here.
Access to Event Log Data
Event log data are stored in different log files which can be accessed via the Telephony Control Server Assistant.
Recent Change Log
The recent change log records all OAM&P (Operation, Administration, Maintenance and Provisioning) activity whether successful or unsuccessful.
Security Audit Trail
The security audit trail supports logging capabilities based on ANSI T1.276-2003 and Telcordia GR-815-CORE.
Recent Change Logging in a SOAP Server
Whenever a SOAP (Simple Object Access Protocol) request is received that involves the creation, deletion, modification, or retrieval (e.g., for display/view) of data on the Lotus Sametime Unified Telephony system, the Event Logging API function RtpSecEvtSendChangeLogEvent provided by RTP (Real-Time Transport Protocol) is called to log the event.
Recent Change Logging in SOAP Mass Provisioning and SOAP Export
For SOAP (Simple Object Access Protocol) Mass Provisioning, the comma-separated string representing the input mass provisioning command from the input file is logged. For SOAP Export, the operation performed is always data retrieval, so the operation is logged with the generic name "soapExport".