Introduction
include::./_macros.adoc[]
{ta}'s main goal is to provide sophisticated means to extract information and generate alerts from tiCrypt logs. It runs completely independently from tiCrypt and, if properly setup, receives logs live from the tiCrypt installation.
TIP: You can have as many {ta} installations for the same {tc} backend server. They are all independent of each other.
{ta} has three different parts, each responsible for three independent tasks:
tiaudit
is the service that runs the {ta} server and delivers the {ta} frontend. This is how all users will experience {ta}.tiaudit-logger
is a service that "listens" to new log entries coming from {tc} backend, parses the logs and adds the information to the databasetiaudit-log-uploader
is a program that allows existing {tc} logs to be uploaded. This is used only to "catch-up" with an existing {tc} installation. The rest of the logs are loaded bytiaudit-logger
NOTE: The executables tiaudit
and tiaudit-log-uploader
are not meant to be executed by hand. The exception is tiaudit
during setup.
WARNING: While you can run {ta} on the same server as {tc} backend, the system security is greatly enhanced if you place them on separate servers.
TIP: {ta} does not need direct access to {tc} backend. The log entries from {tc} backend will be "pushed" into {ta}