1.2.4 Monitor System Activity

System security stands on three legs: good security protocols, proper system configuration and system monitoring. Auditing and reviewing audit records address this third requirement. Each component within a system has some degree of monitoring capability. Follow audit advice and regularly monitor audit records.

As an Oracle VM administrator, you have access to events and statistics in the Oracle VM Manager GUI. These are your first indicators of potential problems, including security risks. Oracle VM Server disconnect and offline events are particularly important to investigate, as they indicate unexpected connectivity issues.

Oracle VM keeps a number of log files on different components in the environment. These log files are important for the manageability and supportability of Oracle VM. The following tables provide an overview of the log files that can assist you in troubleshooting and security auditing:

Oracle VM Manager Logs

| Log Files | Location | Description |
| --- | --- | --- |
| Oracle VM Manager installation or upgrade log | /tmp/install-yyyy-mm-dd-<id>.log and/or /tmp/upgrade-yyyy-mm-dd-<id>.log | All actions and operations that take place during an installation or upgrade procedure are saved to this file. Some log entries are simply informative, but a lot of debugging information is included. |
| Oracle VM Manager logs | /u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/AdminServer/logs/ | The access.log file contains information about Oracle VM domain access and status. These logs actually come from the WebLogic server. The AdminServer.log file contains information similar to the events and statistics in Oracle VM Manager, but the logging is more detailed and more verbose. |
| CLI logs | /u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/AdminServer/logs/CLIAudit.log and /u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/AdminServer/logs/CLI.log | In CLIAudit.log, located on the Oracle VM Manager host, the CLI maintains a full audit log of all executed commands. The CLI.log file contains CLI component entries. |

Oracle VM Server Logs

| Log Files | Location | Description |
| --- | --- | --- |
| Oracle VM Agent log | /var/log/ovs-agent.log | The Oracle VM Agent log is essential for auditing of internal communications and connectivity of the physical servers in your environment. From a security point of view, entries for authentication and connection failures with bad credentials, or an unusual number of access attempts, could indicate unauthorized access attempts. |
| Oracle VM Agent notification log | /var/log/devmon.log | This file contains all details of what the Oracle VM Agent sends to Oracle VM Manager: all events from the server, including storage device events, network events, etc. |
| Oracle VM console log | /var/log/ovm-consoled.log | [need info] |
| Oracle VM Storage Connect plug-in log | /var/log/osc.log | This file logs all installation activities related to Oracle VM Storage Connect plug-in. It shows which plug-ins have been installed, which version is in use, and when exactly the installation has taken place. |
| Xen hypervisor logs | /var/log/xen/ | The xend.log file contains detailed information about Xen-specific operations. It is particularly useful to track errors related to virtual machines, such as start or migration failures. |

In the context of product security and auditability, the various log files show which operations have been performed by each Oracle VM Manager administrator account. Also, any unauthorized login attempt on Oracle VM Manager or SSH connection failure to an Oracle VM Server is reflected in the log files. Monitor the logs actively in order to detect security issues as early as possible.
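
One way to automate the check for repeated access failures described above, as an added example that is not part of the Oracle documentation. The timestamp layout, the failure keywords, the IPv4 source field and the sample lines are all assumptions constructed for illustration; adjust the patterns to the actual entries in the log you monitor (for example /var/log/ovs-agent.log).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed patterns: adjust to the wording and layout of the log you monitor.
FAILURE = re.compile(
    r"unauthori[sz]ed|authentication fail|bad credentials|connection refused", re.I)
STAMP = re.compile(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
SOURCE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def failure_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {source: time it first reached `threshold` failures within `window`}."""
    recent = defaultdict(deque)  # source -> failure timestamps still inside the window
    alerts = {}
    for line in lines:           # lines are expected in chronological order
        if not FAILURE.search(line):
            continue
        stamp, source = STAMP.search(line), SOURCE.search(line)
        if not stamp:
            continue             # cannot place the event in time; skip rather than guess
        when = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
        key = source.group(1) if source else "unknown"
        seen = recent[key]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()       # forget failures older than the window
        if len(seen) >= threshold and key not in alerts:
            alerts[key] = when
    return alerts

# Constructed sample lines (not copied from a real Oracle VM log).
SAMPLE = [
    "[2024-05-01 10:00:01] INFO heartbeat ok",
    "[2024-05-01 10:00:05] ERROR authentication failed from 192.0.2.10",
    "[2024-05-01 10:00:09] ERROR authentication failed from 192.0.2.10",
    "[2024-05-01 10:00:12] ERROR authentication failed from 198.51.100.7",
    "[2024-05-01 10:00:15] ERROR Unauthorized access attempt from 192.0.2.10",
    "[2024-05-01 10:30:00] ERROR authentication failed from 198.51.100.7",
    "[2024-05-01 10:45:00] ERROR authentication failed from 198.51.100.7",
]

if __name__ == "__main__":
    for src, when in failure_bursts(SAMPLE).items():
        print(f"{when}  {src}: repeated access failures")
```

A source that fails occasionally over a long period stays below the threshold, while a short burst from one address is reported once, at the moment the threshold is crossed.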