Integration Platform for Collecting Security Audit Trail
Abstract
An audit processor is interposed between production servers and an auditing server, and is a client to both. The audit processor is an integration point, receiving security audit data from production servers, processing the data (e.g., converting the data from binary to text format), and sending processed audit trails to the auditing server. The audit processor includes data buffering capacity and flow control; accordingly, temporary unavailability of the auditing server does not impact the production servers. The production servers will purge stale audit data; accordingly, temporary unavailability of the audit processor does not impact the production servers. Since the audit processor may process security audit data according to any protocol or format imposed or requested by the auditing server, the production servers are unaffected by auditing server changes. The audit processor integrates production servers with existing auditing servers without jeopardizing the telecom grade availability of the wireless telecommunication network.
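The fetch, process and dispatch flow described in the abstract, with the two queuing stages of claim 20, can be sketched as follows. This is an added illustration, not code from the patent; the class and function names, the binary record layout, the event codes and the queue capacity are all assumptions made for the example.

```python
import struct
from collections import deque

EVENTS = {1: "LOGIN_FAILED", 2: "PRIV_CHANGE"}  # constructed event codes
def to_text(raw: bytes) -> str:
    """Binary to text; assumed layout: u32 time, u16 event code, UTF-8 subject."""
    ts, code = struct.unpack_from(">IH", raw)
    return f"ts={ts} event={EVENTS.get(code, code)} subject={raw[6:].decode('utf-8', 'replace')}"

class AuditProcessor:
    """Hypothetical client to both servers; two bounded stages give flow control."""
    def __init__(self, fetch, dispatch, capacity=4):
        self.fetch, self.dispatch, self.capacity = fetch, dispatch, capacity
        self.unprocessed, self.processed = deque(), deque()

    def step(self):
        # Fetch only what the unprocessed stage can hold; the rest stays upstream.
        room = self.capacity - len(self.unprocessed)
        self.unprocessed.extend(self.fetch(room) if room else [])
        # Process only while the processed stage has room (back-pressure).
        while self.unprocessed and len(self.processed) < self.capacity:
            self.processed.append(to_text(self.unprocessed.popleft()))
        # Dispatch in order; on failure the record stays queued for the next cycle.
        sent = 0
        while self.processed:
            try:
                self.dispatch(self.processed[0])
            except ConnectionError:
                break
            self.processed.popleft()
            sent += 1
        return sent

def demo():
    """Constructed scenario: the auditing server is down for the first two cycles."""
    source = deque(struct.pack(">IH", 1700000000 + i, 1 + i % 2) + b"user%d" % i for i in range(6))
    trail, state = [], {"up": False}
    def fetch(n):  # stands in for the production server
        return [source.popleft() for _ in range(min(n, len(source)))]
    def dispatch(line):  # stands in for the auditing server
        if not state["up"]:
            raise ConnectionError("auditing server unavailable")
        trail.append(line)
    ap = AuditProcessor(fetch, dispatch, capacity=2)
    sent_down = [ap.step(), ap.step()]
    buffered = (len(ap.unprocessed), len(ap.processed), len(source))
    state["up"] = True
    while source or ap.unprocessed or ap.processed:
        ap.step()
    return sent_down, buffered, trail
```

While the auditing server is down, both stages fill and fetching stops, so the remaining records stay on the production side; once it returns, the trail is delivered complete and in order.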
26 Claims
1-13. (canceled)
14. A method of collecting audit data in a wireless telecommunication production network, comprising:
fetching one or more audit data records from a production server in the production network, each audit data record comprising records of security-related events compiled by the production server;
processing the one or more audit data records in an audit processor that is a client to both the production server and an auditing server; and
dispatching the one or more audit data records from the audit processor to the auditing server.
20. An audit processor for conducting security audits in a wireless telecommunication production network while maintaining telecom grade availability, said audit processor comprising:
data storage configured as an unprocessed audit data record queuing stage;
data storage configured as a processed audit data record queuing stage; and
one or more controllers operative as clients to:
fetch an audit data record from a production server in the production network;
process the audit data record; and
dispatch the audit data record to an auditing server.
24. A telecommunication production network comprising:
one or more production servers operative to monitor and record security-related events as a plurality of audit data records;
an auditing server operative to store the plurality of audit data records as one or more audit trails, and further operative to perform security audits on the audit trails; and
an audit processor acting as a client to the one or more production servers and the auditing server, and operative to fetch the plurality of audit data records from the production servers, process the plurality of audit data records, and dispatch the plurality of processed audit data records to the auditing server.
Specification