Configuring Audit Settings

Configure how and when OneSpan Authentication Server should record audit messages. The following instructions are only specific to audit settings that need to be configured after installation. You will still need to properly configure your chosen audit method.

There are four different audit methods available in OneSpan Authentication Server:

• ODBC database
• Text file
• System log
• Live connection

For more information about configuring audit settings, see Auditing.

Database

By default, OneSpan Authentication Server will audit to the database. In most cases, this option is faster than other auditing methods.

When auditing to database, OneSpan Authentication Server uses the following tables to store and process audit information:

• vdsAuditMsg
• vdsAuditMsgField

OneSpan Authentication Server also grants read-write permissions to the default database user for these tables. For added security, it is recommended that you reset this permission to read-only.

Text file

If auditing to a text file, you will need to decide how often a new text file should be created. The default frequency for creating new text files is monthly. To change this frequency, modify the variables used in the file name.

If OneSpan Authentication Server is configured to write to a text file set to IdentikeyServer-{year}-{month}.audit, a new text file will be created monthly. If the text file name is set to IdentikeyServer-{year}-{month}-{mday}.audit, a new text file will be created daily.

Event log

If auditing primarily to the Windows event log, ensure that the event log is configured to not overwrite old entries automatically (this is the default setting).

To check the event log configuration

1. Open the event log.
2. Right-click on the specific log to which the OneSpan Authentication Server will be auditing.
3. Select Properties.
4. Select Do not overwrite events (clear log manually) from the When maximum log size is reached group.
5. Click OK.

SSL re-configuration of multiple live audit connections

OneSpan Authentication Server supports multiple live audit connections.

When installing OneSpan Authentication Server for the first time, you will be asked to configure SSL certificates for live audit connections. Doing so will configure SSL for exactly one live audit connection, i.e. the first connection.

Note that the following features available via the Maintenance Wizard also configure the first connection only:

• Re-run installation wizard
• Change server component location
• Install SSL server certificate

The first live audit connection is the topmost entry in the Available Audit Methods pane of type live. To view this pane, navigate to the Auditing section of the Configuration Utility. You can use Move Up and Move Down to re-arrange the list of available audit methods.

You can add and configure multiple live audit connections after the initial installation.

If you have multiple live audit connections configured, you need to manually configure SSL certificates for each live audit connection (see Configuring the live audit method).