When events are logged, Caché places them in the audit database, CACHEAUDIT. The audit database also contains general information, including the name of the server, the name of the Caché configuration, when the log was started, and when the log was closed.
The following actions are available for managing the audit log:
• Viewing the Audit Database
• Copying, Exporting, and Purging the Audit Database
• Encrypting the Audit Database
9.3.1 Viewing the Audit Database
To view the audit database, select View Audit Database on the Auditing page ([Home] > [Security Management] > [Auditing]). This displays the View Audit Database page ([Home] > [Security Management] > [Auditing] > [View Audit Database]). This page allows you to view the audit database and refine a search based on the following fields:
• Event Source — The component of the Caché instance that is the source of the event, as described in “Elements of an Audit Event.” Clicking the button to the right of the field displays a list of values in use. The asterisk (“*”) chooses all values; no other wildcards are supported.
• Event Type — Any categorizing information for the event, as described in “Elements of an Audit Event.” Clicking the button to the right of the field displays a list of values in use. The asterisk (“*”) chooses all values; no other wildcards are supported.
• Event Name (also called Event) — The identifier of the event being logged, as described in “Elements of an Audit Event.” Clicking the button to the right of the field displays a list of values in use. The asterisk (“*”) chooses all values; no other wildcards are supported.
• System IDs — An identifier for the instance of Caché that appears in each audit log entry. This identifier is of the form machine_name:instance_name, so that if you have an instance of Caché called “MyCache” running on a machine called “MyMachine”, then its System ID is “MyMachine:MyCache”. To search for multiple system IDs, provide a comma-separated list. The asterisk (“*”) chooses all values; no other wildcards are supported.
• PIDs — The operating-system ID of the Caché process that logged the event, as described in “Elements of an Audit Event.”
• Begin Date & Time — The date and time for the first event to be displayed (midnight at the beginning of the current day, by default).
• End Date & Time — The date and time for the last (most recent) event to be displayed (the current time, by default).
• Sort by — Orders the results by:
  - Reverse Date — From most recent to least recent
  - Events — By event name, in alphabetical order
  - Users — By user name, in alphabetical order
  - PID — By operating-system process ID, from lowest to highest
• Maximum Rows — The maximum number of rows to display in a listing of the audit log (up to 10,000).
• Color by — The field (if any) that determines how the search results are colored. Fields that can determine search result coloring are Description, Event, Event Source, Event Type, PID, Time Stamp, and Username.
• Users — The user who has caused the event. The asterisk (“*”) chooses events caused by all users; no other wildcards are supported.
9.3.2 Copying, Exporting, and Purging the Audit Database
The audit log is stored in the CACHEAUDIT database and protected by the %DB_CACHEAUDIT resource. By default, the %Manager role holds the Read permission on this resource and no role holds the Write permission.
122 Caché Security Administration Guide Auditing
The audit log database is managed in the same way as any other Caché database. For example, you can specify its initial size, growth increment, maximum size, and location using standard Caché management tools.
The System Management Portal provides special management operations for the audit database:
• Copy — Entries for one or more days can be copied to a specified namespace.
• Export — Entries for one or more days can be exported from the log to a file.
• Purge — Entries for one or more days can be removed from the log.
Note: All these operations act on all entries for one or more days. There are no operations for particular entries.
There are also general management functions, which use standard Caché features.
9.3.2.1 Copy the Audit Database
Caché allows you to copy all or part of an audit database to a namespace other than CACHEAUDIT. To do this:
1. From the Manage Audit Log page ([Home] > [Security Management] > [Auditing] > [Manage Audit Log]), select Copy Audit Log. This displays the Copy Audit Log page ([Home] > [Security Management] > [Auditing] > [Manage Audit Log] > [Copy Audit Log]).
2. On the Copy Audit Log page, first select either:
   • Copy all items from audit log
   • Copy items that are older than this many days from audit log
   In the field here, enter a number of days; any item older than this is copied to the new namespace.
3. Next, use the drop-down menu to choose the namespace where you wish to copy the audit entries.
4. If you wish to delete the audit items after they are copied, select the check box with that choice.
5. Click OK to copy the entries.
Caché places the selected audit log entries in the ^CacheAuditD global in the selected namespace. To view this data:
1. From the System Management Portal home page, select Globals from the Data Management column; this displays the Globals page ([Home] > [Globals]).
2. From the Globals page, select the following items in the following order:
   a. The Databases radio button from the upper left area of the page.
   b. The name of the database holding the copied audit log entries.
   c. The System check box that appears above the list of globals.
   d. The Go button immediately to the left of the System check box.
This displays a list of globals in the database, including ^CacheAuditD. Globals are listed without the preceding “^” character that is needed to manipulate them programmatically or in the Caché Terminal.
Note: Clicking View Globals on this page refreshes the page but unchecks the System check box, thereby making ^CacheAuditD unavailable.
3. Click Data from the CacheAuditD line to display detailed information on the audit log entries.
9.3.2.2 Export the Audit Database
Caché allows you to export all or part of an audit database. To do this:
1. From the Manage Audit Log page ([Home] > [Security Management] > [Auditing] > [Manage Audit Log]), select Export Audit Log. This displays the Export Audit Log page ([Home] > [Security Management] > [Auditing] > [Manage Audit Log] > [Export Audit Log]).
2. On the Export Audit Log page, first select either:
   • Export all items from audit log
   • Export items that are older than this many days from audit log
   In the field here, enter a number of days; any item older than this is exported to the new namespace.
3. Next, in the Export to file field, enter the path of the file where you wish to export the audit entries. If you do not enter a full path, the root for the path provided is cachesys/Mgr/ where cachesys is the default name of the installation directory.
4. If you wish to delete the audit items after they are exported, select the check box with that choice.
5. Click OK to export the entries.
9.3.2.3 Purge the Audit Database
Caché allows you to purge all or part of a database.
Important: Purging the database is not a reversible action — purged items are permanently removed. You cannot restore items to the audit database once you have purged them.
To do this:
1. From the Manage Audit Log page ([Home] > [Security Management] > [Auditing] > [Manage Audit Log]), select Purge Audit Log. This displays the Purge Audit Log page ([Home] > [Security Management] > [Auditing] > [Manage Audit Log] > [Purge Audit Log]).
2. On the Purge Audit Log page, first select either:
   • Purge all items from audit log
   • Purge items that are older than this many days from audit log
   In the field here, enter a number of days; any item older than this is purged.
3. Click OK to purge the entries.
9.3.2.4 General Management Functions
Management of the audit database, such as finding out its location, is carried out using standard Caché system management tools and techniques. This database is journaled and backed up like any other. Special facilities are provided to purge all or selected days’ entries.
The audit database can be read with normal Caché commands. Such access is subject to standard security restrictions at the database and/or namespace levels. Caché provides several standard audit reports. In addition, audit log contents are accessible via standard SQL and any standard SQL tool can be used. A table definition for the active audit log is contained in the %SYS namespace.
The audit log can also be backed up using standard Caché database backup facilities. If the audit database becomes full, a <FILEFULL> error occurs and is handled in the same way as for any other Caché database.
CAUTION: If the audit database becomes full, Caché will not record audit entries for actions that cause audit events. Further, in a forensic context, the existence of only a single AuditRecordLost audit entry indicates that at least one record was lost.
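A check for the condition in the caution above, as an added example rather than code from the Caché documentation: it scans audit entries (for instance rows read from a copy or export) for AuditRecordLost and reports, per System ID, the window before each marker in which the trail may be incomplete. The CSV column layout, the sample rows, the function names, and the premise that the marker is written after the loss are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample rows. The CSV layout is an assumption for this example,
# not Caché's export format; columns mirror the fields on the viewing page.
SAMPLE = """\
timestamp,system_id,event_source,event_type,event,pid,username,description
2024-03-01 09:00:05,MyMachine:MyCache,%System,%Login,Login,4121,alice,constructed
2024-03-01 09:14:40,MyMachine:MyCache,%System,%Login,LoginFailure,4187,bob,constructed
2024-03-01 09:15:02,OtherHost:Prod,%System,%Login,Login,730,carol,constructed
2024-03-01 11:42:10,MyMachine:MyCache,%System,%System,AuditRecordLost,4190,,constructed
2024-03-01 11:43:00,MyMachine:MyCache,%System,%Login,Login,4201,alice,constructed
"""

LOST_EVENT = "AuditRecordLost"  # event name taken from the caution above


def parse_rows(text):
    """Parse rows; split System ID (machine_name:instance_name) into its parts."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        row["machine"], _, row["instance"] = row["system_id"].partition(":")
        rows.append(row)
    return rows


def coverage_gaps(rows):
    """Return one window per AuditRecordLost entry, tracked per System ID.

    Assumption: the marker is written after the loss, so the unreliable window
    runs from the previous entry of that instance to the marker. A start of
    None means no earlier entry exists in the data (for example, it was purged).
    """
    gaps, last_seen = [], {}
    for row in sorted(rows, key=lambda r: r["timestamp"]):
        sid = row["system_id"]
        if row["event"] == LOST_EVENT:
            gaps.append({"system_id": sid,
                         "after": last_seen.get(sid),
                         "lost_marker": row["timestamp"]})
        last_seen[sid] = row["timestamp"]
    return gaps


if __name__ == "__main__":
    for gap in coverage_gaps(parse_rows(SAMPLE)):
        print(f"{gap['system_id']}: records lost between {gap['after']} and {gap['lost_marker']}")
```

Each reported window means at least one record is missing, not exactly one, so events of interest in that interval need corroboration from other sources.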
9.3.3 Encrypting the Audit Database
Caché allows you to encrypt the database that holds the audit log. This is described in the section “Configuring Caché Encryption Settings” in the chapter “Database Encryption” in the Caché Security Administration Guide.