Skip to main content

Introduction

tiCrypt Audit's main goal is to provide sophisticated means to extract information and generate alerts from tiCrypt logs. It runs completely independently from tiCrypt and, if properly setup, receives logs live from the tiCrypt installation.

tip

You can have as many tiCrypt Audit installations for the same tiCrypt backend server. They are all independent of each other.

tiCrypt Audit has three different parts, each responsible for three independent tasks:

  • tiaudit is the service that runs the tiCrypt Audit server and delivers the tiCrypt Audit frontend. This is how all users will experience tiCrypt Audit.
  • tiaudit-logger is a service that "listens" to new log entries coming from tiCrypt backend, parses the logs and adds the information to the database
  • tiaudit-log-uploader is a program that allows existing tiCrypt logs to be uploaded. This is used only to "catch up" with an existing tiCrypt installation. The rest of the logs are loaded by tiaudit-logger
note

The executables tiaudit and tiaudit-log-uploader are not meant to be executed by hand. The exception is tiaudit during setup.

caution
  • While you can run tiCrypt Audit on the same server as tiCrypt backend, the system security is greatly enhanced if you place them on separate servers.
  • tiCrypt Audit does not need direct access to tiCrypt backend. The log entries from tiCrypt backend will be "pushed" into tiaudit.