US Patent 7904965 User action security auditing

In a storage area network (SAN), a SAN management application provides a security audit log of security sensitive user actions performed across the storage area network. In a SAN, multiple services operate to perform requested user actions. Configurations herein substantially overcome the shortcomings of conventional SAN security event logging by providing a comprehensive security audit mechanism operable to identify and record user actions. An event normalizer disposed in each of the services identifies requested user actions, creates a uniform user action object, and sends the user action object to a coalescer operable to receive user action objects from the plurality of services in the SAN. The user action object provides a generic template responsive to each of the event normalizers in the services. The event normalizers normalize event properties and attributes concerning a user action into the generic user action object, and employs preexisting conduits for gathering and recording events.