Configure SFTP Audit Log Transfer
Before using SFTP-enabled file transfer, you must import a copy of each SFTP server’s host key to the OCSBC. The host key identifies the server as a trusted entity when the OCSBC is operating as an SSH or SFTP client.
The SSH protocol requires the server to present its host key to a client during the SSH handshake. The client validates the offered key against the previously obtained trusted copy of the key to identify and authenticate the server.
You must also generate an SSH public and private key pair for the OCSBC in support of its operations as an SSH client. Just as the host key authenticates the SSH server to the SSH client, the generated public key authenticates the SSH client to the SSH server. After generating the SSH key pair, you copy the public key to each configured SFTP server. During the authentication process, the server validates the offered client key against this trusted copy to identify and authenticate the client.
To provide needed keys:
- Use the procedure described in Importing a Host Key to import the host key of each SFTP server.
- Use the procedure described in Generating an SSH Key Pair to generate an SSH public and private key.
- Use the procedure described in Copying a Client Key to an SSH or SFTP Server to copy the public key to the SFTP server.
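The comparison of an offered host key against the trusted copy, described above, can be illustrated off-box. This is an added example, not part of the product documentation or an OCSBC command; the function names are hypothetical and the sample keys are constructed filler bytes, not real keys.

```python
import base64
import hashlib
import hmac
import struct


def parse_public_key(line):
    """Return (key_type, blob) from an OpenSSH '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type = fields[0]
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:
        raise ValueError("key blob is not valid base64") from exc
    # The blob starts with its own length-prefixed key type (RFC 4253 string).
    name = key_type.encode()
    if not blob.startswith(struct.pack(">I", len(name)) + name):
        raise ValueError("key type does not match the type inside the blob")
    return key_type, blob


def fingerprint(blob):
    """SHA-256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_trusted(offered_line, trusted_line):
    """True only if the offered key is byte-identical to the trusted copy."""
    offered, trusted = (parse_public_key(l)[1] for l in (offered_line, trusted_line))
    return hmac.compare_digest(offered, trusted)


def constructed_key_line(seed, comment):
    """Build a well-formed ssh-ed25519 line from filler bytes (not a real key)."""
    raw = hashlib.sha256(seed).digest()  # 32 constructed bytes
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


TRUSTED = constructed_key_line(b"sftp-a", "imported-copy")    # constructed
OFFERED_SAME = constructed_key_line(b"sftp-a", "handshake")   # constructed
OFFERED_OTHER = constructed_key_line(b"other", "handshake")   # constructed

if __name__ == "__main__":
    print(fingerprint(parse_public_key(TRUSTED)[1]), matches_trusted(OFFERED_OTHER, TRUSTED))
```

The comment field is ignored in the comparison, so a key copied with a different trailing label still matches, while any change to the key bytes does not.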
Configuring SFTP Servers
The multi-instance push-receiver configuration element identifies remote SFTP servers that receive audit log transfers.
Audit Log Alarms and Traps
Three audit log alarms and traps are provided to report significant or anomalous audit log activity.
The ALARM_AUDIT_LOG_FULL trap/alarm is generated in response to (1) the expiration of the file-transfer-time interval, (2) the crossing of the percentage-full threshold, or (3) the crossing of the max-file-size threshold. This trap/alarm is cleared when storage space becomes available, generally upon successful transfer of the audit log to a remote SFTP server or servers.
The ALARM_ADMIN_AUDIT_PUSH_FAIL trap/alarm is generated in response to failure to transfer the audit log to a designated SFTP server. This trap/alarm is cleared when a subsequent transfer to the same recipient succeeds.
The ALARM_AUDIT_WRITE_FAILED trap/alarm is generated in response to failure to record an auditable event in the audit log. This trap/alarm is cleared when a subsequent write succeeds.