Audit log data backup

Ensure you make copies of all files contained in the directory into which the audit log files are written. By default this will be %PROGRAMFILES%\VASCO\IDENTIKEY Authentication Server\Log (Windows) or /var/log/vasco/identikey (Linux).

Text file audit logs may have been configured to be saved in another location. Verify the audit configuration settings if you are unsure.

Back up the database using the database's backup utility. If you are using the audit tables in the embedded database, they will be included in the backup of the data store and will not require a separate backup.

For encrypted databases, also back up the encryption key and password to a secure location!

By default, event log entries are written to the Application log. However, you can configure the entries to be written to another log. Verify the audit configuration if you are unsure.

The event log may be configured with a maximum size. When this size is reached, the oldest entries may be overwritten by new ones. To verify this, inspect the properties of the log in the Event Viewer. If older entries will be overwritten, you will need to archive them before that occurs.

To archive a Windows Event log

1. Launch the Windows Control Panel. On most Windows installations, you can do so via Start > Programs > Control Panel.
2. Double-click Administrative Tools.
3. Double-click Event Viewer.
4. Right-click Application (or the correct log, if not Application).
5. Click Save log file as.
6. Select a path and enter a file name.
7. Select a file format from the Type list.
8. Click Save.

The audit log data is not required for system recovery purposes.

In Linux, audit data can be written to the syslog.

For more information about configuring Linux and OneSpan Authentication Server for this audit method, see Configuring the Linux Syslog audit method