ResearchDrive - Audit log data request process information

Limited log data is collected for ResearchDrive and Restricted ResearchDrive and may be requested by IT departmental support staff and cybersecurity staff as needed.  

What log data is collected?

  • Audit Failure: close_file_modified, close_file_unmodified, create_directory, create_file, delete_directory, delete_file, open_file_noaccess, open_file_read, open_file_write, rename_directory, rename_file, set_security_directory, set_security_file

  • Audit Success: close_file_modified, close_file_unmodified, create_directory, create_file, delete_directory, delete_file, open_file_noaccess, open_file_read, open_file_write, rename_directory, rename_file, set_security_directory, set_security_file

  • Syslog Audit Events: create_directory, create_file, delete_directory, delete_file, open_file_noaccess, open_file_write, rename_directory, rename_file, set_security_directory, set_security_file

  • Table 6 in the following document describes the events that are collected (note: we do not collect “open directory” data): https://www.delltechnologies.com/asset/en-us/products/storage/industry-market/h12428-wp-best-practice-guide-isilon-file-system-auditing.pdf

Process for requesting access to log data:

For all urgent matters:

Note:  Regardless of urgency, CSOC should be involved anytime malicious activity is suspected, if there is an investigation of someone’s activities, or anytime there is “HR” involvement.

For non-urgent needs that do involve CSOC:

For non-urgent needs that do not involve CSOC:  

Scheduled access to logs:

Unfortunately, we are unable to provide instant or scheduled access to logs. 



Keywords: ResearchDrive Restricted audit logs request
Doc ID: 137301
Owned by: Casey S. in UW-Madison Research Data
Created: 2024-05-14
Updated: 2024-05-14
Sites: UW-Madison Research Data