Introduction

include::./_macros.adoc[]

{ta}'s main goal is to provide sophisticated means to extract information and generate alerts from tiCrypt logs. It runs completely independently from tiCrypt and, if properly set up, receives logs live from the tiCrypt installation.

TIP: You can have as many {ta} installations as you want for the same {tc} backend server. They are all independent of each other.

{ta} has three different parts, each responsible for an independent task:

  • tiaudit is the service that runs the {ta} server and delivers the {ta} frontend. This is how all users will experience {ta}.
  • tiaudit-logger is a service that "listens" for new log entries coming from the {tc} backend, parses the logs and adds the information to the database.
  • tiaudit-log-uploader is a program that allows existing {tc} logs to be uploaded. This is used only to "catch up" with an existing {tc} installation. The rest of the logs are loaded by tiaudit-logger.

NOTE: The executables tiaudit and tiaudit-log-uploader are not meant to be executed by hand. The exception is tiaudit during setup.

WARNING: While you can run {ta} on the same server as the {tc} backend, system security is greatly enhanced if you place them on separate servers.

TIP: {ta} does not need direct access to the {tc} backend. The log entries from the {tc} backend will be "pushed" into {ta}.