• Topic ID: id_18480382
  • Version: 2.0
  • Date: Dec 21, 2018 2:36:06 AM

Audit Trail

1 Overview

The audit trail is a record that shows who has accessed a CT system, when it was accessed, and what operations were performed. This document describes the audit trail information that is available on the following CT systems.

  • Optima CT660

  • Revolution EVO

2 Log files for Audit Trail

The CT system provides the following tool and log files for the audit trail.

  • EAT (Enterprise Audit Trail)

  • GE SYSLOG

  • SYSLOG

2.1 EAT (Enterprise Audit Trail)

  • Viewer:

    • configure EAT

      Common Service Desktop -> Configuration -> configure EAT

    • Audit Log Viewer (not available before Revolution EVO 16HW14.9)

      Common Service Desktop -> Utilities -> Audit Log Viewer

    • Editor

  • Log File:

    • Location: /usr/g/gehc_security/logs/localRepository*

    • Format: XML Text

  • Auditable Events:

    • User Authentication: Login, Logout

    • Procedure Record: Delete, Create (not available before Revolution EVO 16HW14.9)

    • Order Record: Update (not available before Revolution EVO 16HW14.9)

    • DICOM Image Transfer: Begin, Transferred

  • External Interface:

    • Audit Log Server (TCP/UDP)

    • Export to USB (not available before Revolution EVO 16HW14.9)

  • EAT Log Example:

    <?xml version="1.0" encoding="UTF-8"?><AuditMessage><EventIdentification EventActionCode="E" EventDateTime="2016-10-25T08:19:26" EventOutcomeIndicator="0"><EventID code="110114" codeSystemName="DCM" /><EventTypeCode code="110122" codeSystemName="DCM"/></EventIdentification><ActiveParticipant UserID="johndoe@cttar9" UserIsRequestor="true" NetworkAccessPointTypeCode="1" NetworkAccessPointID="cttar9"></ActiveParticipant><ActiveParticipant UserID="cttar9" UserIsRequestor="false" NetworkAccessPointTypeCode="1"></ActiveParticipant><AuditSourceIdentification AuditSourceID=""><AuditSourceTypeCode code="9"></AuditSourceTypeCode></AuditSourceIdentification><ParticipantObjectIdentification ParticipantObjectID="Detail"><ParticipantObjectIDTypeCode code=" "/><ParticipantObjectDetail type="Detail" value="TG9jYWwgVXNlciBEYXRhYmFzZTogU3VjY2Vzcw=="/></ParticipantObjectIdentification></AuditMessage>
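The EAT record above can be flattened for review or forwarding with Python's standard library. This is an added example, not part of the original document or GE software; the function name `parse_eat_record` and the output field names are hypothetical, and the code labels are taken from the DICOM audit message definitions.

```python
import base64
import xml.etree.ElementTree as ET

# DCM codes from the page's example, plus 110123 (Logout) from the DICOM audit code set.
DCM = {"110114": "User Authentication", "110122": "Login", "110123": "Logout"}
# EventOutcomeIndicator values defined by the DICOM audit message schema.
OUTCOME = {"0": "success", "4": "minor failure", "8": "serious failure", "12": "major failure"}

# Record from the page's EAT log example, with the root element closed.
SAMPLE = (
    b'<?xml version="1.0" encoding="UTF-8"?><AuditMessage>'
    b'<EventIdentification EventActionCode="E" EventDateTime="2016-10-25T08:19:26"'
    b' EventOutcomeIndicator="0"><EventID code="110114" codeSystemName="DCM" />'
    b'<EventTypeCode code="110122" codeSystemName="DCM"/></EventIdentification>'
    b'<ActiveParticipant UserID="johndoe@cttar9" UserIsRequestor="true"'
    b' NetworkAccessPointTypeCode="1" NetworkAccessPointID="cttar9"></ActiveParticipant>'
    b'<ActiveParticipant UserID="cttar9" UserIsRequestor="false"'
    b' NetworkAccessPointTypeCode="1"></ActiveParticipant>'
    b'<AuditSourceIdentification AuditSourceID=""><AuditSourceTypeCode code="9">'
    b'</AuditSourceTypeCode></AuditSourceIdentification>'
    b'<ParticipantObjectIdentification ParticipantObjectID="Detail">'
    b'<ParticipantObjectIDTypeCode code=" "/><ParticipantObjectDetail type="Detail"'
    b' value="TG9jYWwgVXNlciBEYXRhYmFzZTogU3VjY2Vzcw=="/></ParticipantObjectIdentification>'
    b'</AuditMessage>'
)


def parse_eat_record(raw):
    """Flatten one EAT AuditMessage into a dict (hypothetical field names)."""
    root = ET.fromstring(raw)
    ev = root.find("EventIdentification")
    # The participant flagged as requestor is the user; the other is the system.
    users = [p.get("UserID") for p in root.iter("ActiveParticipant")
             if p.get("UserIsRequestor") == "true"]
    # ParticipantObjectDetail values are base64-encoded; decode them to text.
    details = [base64.b64decode(d.get("value", "")).decode("utf-8", "replace")
               for d in root.iter("ParticipantObjectDetail")]
    code = ev.find("EventID").get("code")
    return {
        "time": ev.get("EventDateTime"),
        "event": DCM.get(code, code),  # unknown codes pass through unchanged
        "types": [DCM.get(t.get("code"), t.get("code")) for t in ev.iter("EventTypeCode")],
        "outcome": OUTCOME.get(ev.get("EventOutcomeIndicator"), "unknown"),
        "user": users[0] if users else None,
        "details": details,
    }


if __name__ == "__main__":
    print(parse_eat_record(SAMPLE))
```

How multiple records are delimited inside the `localRepository*` files is not shown on this page, so split the file into individual `AuditMessage` documents before calling the function.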

2.2 GE SYSLOG

  • Viewer:

    • Message View

    • Editor

  • Log File:

    • Location: /usr/g/service/gesys_<hostname>.log

    • Format: Custom Text

  • Auditable Events:

    • Start Prospective Exam (Ermes code: 200109109)

    • End Prospective Exam (Ermes code: 200109110)

  • GE SYSLOG Example:

    SR 189

    1477416040 0 1 Tue Oct 25 17:20:40 2016 200109109 4

    cttar9 scanRx UIRx.cxx 12183

    Function: Data Acquisition : OC Processing

    Start: Prospective Exam: 116 : Protocol: 1.1

    EN 189

    SR 237

    1477416077 0 1 Tue Oct 25 17:21:17 2016 200109110 4

    cttar9 scanRx UIRx.cxx 12136

    Function: Data Acquisition : OC Processing

    End: Prospective Exam: 116 : Protocol: 1.1

    Series: 1 : Scans: 9 : Images: 26 : PMRSeries(0)

    EN 237

2.3 SYSLOG

  • Viewer:

    • Editor

  • Log File:

    • Location: /var/log/messages*

    • Format: Log text

  • Auditable Events:

    • SSH Access

  • SYSLOG Example:

    Oct 25 17:38:45 cttar9 sshd[20812]: Accepted publickey for ctuser from 192.9.220.1 port 57758 ssh2

    Oct 25 17:38:47 cttar9 sshd[20814]: Received disconnect from 192.9.220.1: 11: disconnected by user

    Oct 25 17:39:50 cttar9 sshd[21433]: Accepted keyboard-interactive/pam for ctuser from 3.36.11.132 port 32818 ssh2

    Oct 25 17:39:54 cttar9 sshd[21437]: Received disconnect from 3.36.11.132: 11: disconnected by user

3 Suggested System Configuration

The following shows the suggested system configuration.

  • HIPAA : On

    • Turn on advanced password policy in configure EA3

    • Remove (Lock) all default users

    • Create unique user accounts and set complex passwords

    • Decrease Inactivity Timeout (default: 60 min)

    • Disable Emergency Login if not required

  • PNF : On