Distributed policy distribution for compliance functionality

Abstract

A multi-component auditing environment uses a set of log-enabled components that are capable of being triggered during an information flow in a data processing system. A 'master' compliance component receives data from each log-enabled component in the set of log-enabled components, the data indicating a set of logging properties that are associated with or provided by that log-enabled component. The master compliance component determines, for a given compliance policy, which of a set of one or more events are required from one or more of the individual log-enabled components in the set of log-enabled components. As a result of the determining step, the master compliance component then configures one of more of the individual log-enabled components, e.g. by generating one or more configuration events that are then sent to the one or more individual components. This configuration may take place remotely, i.e., over a network connection. As a result of the information flow, audit or other logs are then collected from the log-enabled components. The master compliance component evaluates the collected logs to determine compliance with the compliance policy. As necessary, the master compliance component re-configures one or more log-enabled components in the set of log-enabled components to address any compliance issues arising from the evaluation. Thus, once a given compliance policy is specified, typically the individual log-enabled components in the multiple-component environment are not responsible for their own configuration, as that task is undertaken by the master compliance component.