Audit using logaudit
WebSEAL and Plug-in for Web Servers continue to support audit logging that uses the logaudit entries and its related entries in the [aznapi-configuration] stanza. This approach uses the following stanza entries:
[aznapi-configuration] logaudit auditlog auditcfg logsize logflush
This approach is comparable to the logcfg entry with a file agent.
For example, to capture authentication events, we can set the configuration file entries as follows:
[aznapi-configuration] logaudit = yes auditcfg = authn auditlog = /var/pdweb/log/audit.log logsize = 2000000 logflush = 20
If we are still using the logaudit approach, consider using the logcfg approach. The logcfg approach provides more configuration options, such as buffer size and event queues, and the ability to use the console, pipe, and remote log agents.
Parent topic: Audit event logging