Audit
Minimum version required
The features described on this page require
EZproxy 3.6c GA (2006-03-10)
or later.
Overview
Audit is a position-independent config.txt/ezproxy.cfg directive that enables the auditing of
specific EZproxy events.
When recording auditing events, in the directory where EZproxy is installed,
EZproxy creates a directory named audit and within that directory creates files based on the year, month, and
day that the event occurred (e.g. 20080314.txt). Audit events can be
viewed from the /admin EZproxy administration page.
Audit events record date, time, event type, source IP, username, EZproxy session identifier,
and event-specific details.
A new audit file is created every day.
Many libraries prefer to limit the timeframe over which such information
is retained. The AuditPurge directive allows you to specify
the number of audit files that should be retained, allowing the automatic
deletion of older audit files.
Configuration
Audit should be followed by one or more of the events to be audited. Multiple events should be separated
by spaces.
| Event |
Description |
| BlockCountryChange |
The IP address of an active session changed, and the country associated with the new IP address did not match the country associated with the old IP address,
so access was blocked. This event only occurs if Option BlockCountryChange and Location directives appear in config.txt. This event requires EZproxy 5.1b GA or later.
|
| Info.usr * |
User audit event generated by the action Audit. This event requires EZproxy 5.1b GA or later.
|
| Most |
Most is a special value that indicates that all of the following events that are marked with an asterisk (*) should be
audited.
|
| Login.Denied * |
User denied access based on a Deny directive in user.txt. This event may be suppressed by using Deny -NoAudit filename. This event requires EZproxy 5.1b GA or later.. |
| Login.Success * |
Successful attempt to log in to EZproxy.
|
| Login.Success.Groups |
Groups to which the user was assigned (augments Login.Success event; not recorded separately). This event requires EZproxy 3.6f GA or later. |
| Login.Failure * |
Failed attempt to log in to EZproxy.
|
| Login.Intruder.IP * |
Intrusion attempts based on the IntruderIPAttempts directive.
|
| Login.Intruder.User * |
Intrusion attempts based on the IntruderUserAttempts directive.
|
| System * |
General system activities that do not fall under other audit event categories (e.g.
system startup).
|
| Unauthorized * |
Unauthorized attempts to access administrative features of EZproxy (e.g. /admin).
|
| UsageLimit * |
Events resulting from the UsageLimit directive.
|
Sample use
The most common use for Audit is:
Audit Most
which enables the auditing of the events that have are marked with an asterisk (*).
To enable the most common events plus one extra such as Login.Success.Groups, you can use:
Audit Most Login.Success.Groups
To enable the most common events except one such as Unauthorized, you can use:
Audit Most -Unauthorized
Advanced example
An example of how to combine all of the security features of EZproxy appears at
Securing Your EZproxy Server .
See also
AuditPurge IntruderIPAttempts IntruderUserAttempts Location UsageLimit
Toolbox voor bibliotheken:
