SAT (Security Audit Trail) supports the logging of security-relevant events in a protected SAT logging file (SATLOG file). The SATLOG file can be analyzed using the SATUT evaluation routine. SATUT edits the SAT logging file and/or generates result lists.
Purposes of the logging of events
to provide an overview of accesses to objects, to review specific processing steps and actions of particular user IDs and to monitor the use of the security functions
to detect intrusions into the system by (foreign) users bypassing the security functions
to detect and prevent any unauthorized use of rights
to discourage any attempts to bypass the security functions
to identify the source of a violation of security measures in order to minimize the damage caused
to initiate an immediate response to unauthorized system intervention (alarm function)
Loggable events
the use of identification and authentication mechanisms
the access to objects (e.g. opening of files, program start)
the creation and deletion of objects
security-relevant actions of the security administrator, system operation and system administration
Logged data
date and time of an event
unequivocal identification of the user; if the chipcard mechanism is used, also identification of the chipcard or the personal user ID
successful or failed execution of a processing step
name of the object processed
description of any modification applied within the framework of user administration or system security measures
The system's CONSLOG files may contain additional events not logged by SAT, e.g. operator replies to questions or actions during BS2000 startup before SAT is activated. CONSLOG files may therefore be included when evaluating SAT logging.