Disabling resource access events
We can use protected object policies (POPs) to selectively disable auditing of access to particular resources.
- Disable generating audit records. If a POP with the audithttp extended attribute set to no is attached to a resource, access to that resource does not generate an HTTP access audit record. For example, if access to the /images subdirectory is not of sufficient interest to merit an audit record, we can disable audit records using the following commands:
    pdadmin sec_master> pop create nohttpaudit
    pdadmin sec_master> pop modify nohttpaudit set attribute audithttp no
    pdadmin sec_master> pop attach /WebSEAL/server/images nohttpaudit
After you attach the nohttpaudit POP to the /images subdirectory, access to files under this directory no longer generates an audit event.
- Enable generating audit records. If we have a specific resource that must be audited, we can enable auditing of that resource. To enable auditing, attach a second POP without the audithttp attribute. For example, suppose the special.jpg file in the /images subdirectory must be audited. We can enable audit records for the file with the following commands:
    pdadmin sec_master> pop create restorehttpaudit
    pdadmin sec_master> pop attach /WebSEAL/server/images/special.jpg restorehttpaudit
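The sketch below is an added example, not IBM code and not pdadmin output: it models how the two POPs above combine, so an audit review can list which objects will produce no HTTP access record. It assumes an object is governed by the POP attached to it or, failing that, to its nearest ancestor; the function names and the sample object paths are hypothetical.

```python
# Added example: nearest-ancestor POP resolution, used to list audit blind spots.
# Assumption: an object uses the POP attached to it or, failing that, the POP
# attached to its closest ancestor in the protected object space.
from typing import Optional

# Constructed data mirroring the commands above (not pdadmin output).
POP_ATTRIBUTES = {
    "nohttpaudit": {"audithttp": "no"},
    "restorehttpaudit": {},  # no audithttp attribute set
}
ATTACHMENTS = {
    "/WebSEAL/server/images": "nohttpaudit",
    "/WebSEAL/server/images/special.jpg": "restorehttpaudit",
}


def effective_pop(obj: str, attachments: dict) -> Optional[str]:
    """Return the POP governing obj: its own, else the nearest ancestor's."""
    path = obj.rstrip("/")
    while path:
        if path in attachments:
            return attachments[path]
        path = path.rsplit("/", 1)[0]  # step up one level; exact names only
    return attachments.get("/")


def http_audit_enabled(obj, attachments=ATTACHMENTS, pops=POP_ATTRIBUTES) -> bool:
    """HTTP access is audited unless the effective POP sets audithttp to no."""
    pop = effective_pop(obj, attachments)
    if pop is None:
        return True
    return pops.get(pop, {}).get("audithttp", "").lower() != "no"


def audit_blind_spots(objects, attachments=ATTACHMENTS, pops=POP_ATTRIBUTES):
    """List the objects whose HTTP access will produce no audit record."""
    return [o for o in objects if not http_audit_enabled(o, attachments, pops)]


if __name__ == "__main__":
    sample = [  # constructed object names
        "/WebSEAL/server/images/logo.png",
        "/WebSEAL/server/images/special.jpg",
        "/WebSEAL/server/index.html",
    ]
    for obj in sample:
        print(obj, "audited" if http_audit_enabled(obj) else "NOT audited")
```

Running the same resolution over a real object list shows how far a single audithttp no attachment reaches before anyone relies on those audit records.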