How does auditing work?

The Crystal Management Server (CMS) acts as the system auditor, while each Crystal Enterprise server that controls actions that you can monitor is an auditee.

To audit an action in Crystal Enterprise, you must first determine which server controls that action. Then you must enable auditing of that action in the Servers management area of the Crystal Management Console. As the auditee, the Crystal Enterprise server will then begin to record these audit actions in a local log file.

As the auditor, the CMS controls the overall audit process. Each server writes audit records to a log file local to the server. At regular intervals the CMS communicates with the auditee servers to request copies of records from the auditee's local log files. When the CMS receives these records it writes data from the log files to the central auditing database.

The CMS also controls the synchronization of audit actions that occur on different machines. Each auditee provides a time stamp for the audit actions that it records in its log file. To ensure that the time stamps of actions on different servers are consistent, the CMS periodically broadcasts its system time to the auditees. The auditees then compare this time to their internal clocks. If differences exist, they make a correction to the time stamp they record in their log files for subsequent audit actions.

Once the data is in the auditing database you can run pre-configured reports against the database or design custom reports to suit your own needs.

Note:    

• You must configure the auditing database on the CMS before you can begin to audit. See Configuring the auditing database.
• The CMS acts as both an auditor and as an auditee when you configure it to audit an action that the CMS itself controls.
• In a CMS cluster, the cluster will nominate one CMS to act as system auditor. If the machine that is running this CMS fails, another CMS from the cluster will take over and begin acting as auditor.