Working with Audit Logger Permissions

Audit LoggerThe TLC Console1. Tripwire LogCenter Console is the software for the TLC graphic user interface (GUI), or 2. The Tripwire LogCenter GUI. Through the TLC Console, you can configure TLC, oversee your TLC environment, and manage log and event data. component in which you can work with the log messages collected by TLC. Permissions control user access to the Audit Loggers in your TLC environmentConsists of all TLC software, Managers, Log Sources, Monitored Assets, Collectors, and data in your TLC installation.. You can configure the Audit Logger Permissions for all User Accounts and Groups in the Audit Logger Permissions dialog in the Administration ManagerIn this page, you can manage the user accounts, user groups, permissions, and Global Settings for your TLC environment. (see Figure 56).

To configure the user permissions for an Audit Logger:

1.

In the side bar, select Resources >Administration Manager.

2.

In the side bar of the Administration Manager, expand the Permissions.

3.

Under Permissions, expand the Audit Loggers group. This group contains the Audit Loggers in your TLC environment.

4.

Select an Audit Logger.

5.

In the workspace, TLC presents a list of the User Accounts and Groups with permissions for the Audit Logger. Table 66 defines each Audit Logger Permission.

Table 66. Audit Logger Permissions

Permission	Grants users the ability to ...
View	... view log messages in the Audit Logger (see Viewing Audit Logger Vital Statistics).
Export	... forward log messages from the Audit Logger to an Event-Management DatabaseAn optional component of your TLC environment, an Event1. Either a log message that a Manager has standardized (i.e. normalized) for use by TLC (a.k.a. Normalized Messages), or an event or vulnerability imported from a scanner. 2. An 'event message' collected from a Log Source.-Management Database stores Events. Types of Event-Management Databases include Event Databases, IDS Databases, and Firewall Databases. (see Sending Log Messages to an Event-Management Database).

To change the current permission settings, or to change the list of accounts and groups, double-click an account or group in the workspace. The Audit Logger Permissions dialog opens (see Figure 56).

Figure 56.  Audit Logger Permissions dialog

6.

As needed, modify the list of user accounts and groups with Audit Logger permissions.

To add a User AccountA TLC object that provides a user with a collection of User Permissions to work with TLC., clickAdd User.

To add a User GroupA collection of User Accounts., clickAdd Group.

To remove an account or group, select the item and clickRemove.

7.

Configure the permissions for each User Account and Group.

To enable a permission, select the applicable check box.

To disable a permission, clear the applicable check box.

8.

Once all User Accounts and Groups have been configured, click OK.

The Audit Logger Permissions tab

You can also assign Audit Logger Permissions in the properties dialog of a User Account or Group. In the Audit Logger Permissions tab, you can specify the permissions that apply to the account or group.

To open the properties of a User Account:

1.

In the side bar, select Resources >Administration Manager.

2.

In the side bar of the Administration Manager, select Users.

3.

In the workspace, double-click the User Account.

To open the properties of a User Group:

1.

In the side bar, select Resources >Administration Manager.

2.

In the side bar of the Administration Manager, select User Groups.

3.

In the workspace, double-click the User Group.

To configure the Audit Logger Permissions tab:

1.

Add any Audit Loggers to which you want to grant the User Account or Group access.

a.

ClickAdd.

b.

Select an Audit Logger from the drop-down list and click Add.

2.

To enable an Audit Logger Permission (see Figure 56), select the applicable check box.

To disable a permission, clear the applicable check box.

3.

Once all permissions have been configured, click OK.