How about instead of just leaving the audit logs on the machine there could be an audit.config option to post the audit log back to the server like it does the actual systems? I'm guessing this might be a bit of a pain to implement though. It would need the following ...
- A page like the admin_pc_add pages, only specific to logs.
- A page to actually view the logs and remove them if you want.
- A way to restrict access to the page to view the logs. However, this can already be done easily as I saw there was a section where you could add AD groups to limit access to certain pages within Open-AudIT already.
- A new table in the database for the logs.
Edit: I just noticed A_Hull's post about logging events from the script. However, I'm not sure if this is exactly what he had in mind with his post. What exactly will you have it log? I think the benefits of submitting the log to a separate page would be that you could better see what audits are failing due to connection issues and such.
_________________
OA Server: Debian Squeeze w/ Apache2
Auditing: 700 Workstations, 250 or so Retail Terminals, about 75 Servers
OS's: Windows XP/2003/2008/2008 R2/Vista/7, Debian
LDAP: Active Directory 2008 R2