Groove Audit Service
Updated: April 1, 2008
Applies To: Groove Server 2007
The Groove Audit service is an optional feature installation, provided with Groove Manager. This service, typically installed on a dedicated machine, is the audit data collection point for Groove tool and member events that take place on Groove clients registered with a management domain. Like its parent Groove Manager, it relies on SQL databases for storage. Domain administrators use a device policy defined in Groove Manager to schedule client audits and select the type of events to be audited.
Groove Auditing consists of four parts:
A Groove client-side audit log which securely collects Groove user events into an encrypted file.
The Groove client-side Audit Service which secures the audit log for upload to the Audit Server.
The Audit Server software which collects and decrypts the log data, then stores it in a SQL server database.
A Groove Manager device policy that defines what data should be audited on devices within a management domain.
Groove audit logs are immediately encrypted on clients upon event creation, and are decrypted only after arrival at the audit server, affording a highly secure auditing environment. In addition, NTFS permissions are used to prevent tampering with the logs and the Audit Service by unauthorized personnel.