tiCrypt Audit's main goal is to provide sophisticated means to extract information and generate alerts from tiCrypt logs. It runs completely independently from tiCrypt and, if properly setup, receives logs live from the tiCrypt installation.
You can have as many tiCrypt Audit installations for the same tiCrypt backend server. They are all independent of each other.
tiCrypt Audit has three different parts, each responsible for three independent tasks:
tiauditis the service that runs the tiCrypt Audit server and delivers the tiCrypt Audit frontend. This is how all users will experience tiCrypt Audit.
tiaudit-loggeris a service that "listens" to new log entries coming from tiCrypt backend, parses the logs and adds the information to the database
tiaudit-log-uploaderis a program that allows existing tiCrypt logs to be uploaded. This is used only to "catch up" with an existing tiCrypt installation. The rest of the logs are loaded by
tiaudit-log-uploader are not meant to be executed by hand. The exception is
tiaudit during setup.
- While you can run tiCrypt Audit on the same server as tiCrypt backend, the system security is greatly enhanced if you place them on separate servers.
- tiCrypt Audit does not need direct access to tiCrypt backend. The log entries from tiCrypt backend will be "pushed" into