Audit event logging
To enable logging, define entries in the configuration file.
Steps
- Specify the type of audit event.
- Set the location of the audit log.
On Windows operating systems, newly created files are given Full Control permissions or inherit permissions from the parent directory. To protect audit files from possible tampering, manually modify the permission settings to Read & Execute on newly created files and on any parent directory.
- Specify the maximum file size.
- Specify the file flush interval.
- Log agents
- Configure audit events
Independent of the logging agent, configure which audit events to capture using the logcfg entry.
- Defining logcfg entries
- Disabling resource access events
We can use protected object policies (POPs) to selectively disable auditing of access to particular resources.
- Process flow for logcfg logging
The following example process flow assumes the [aznapi-configuration] stanza of a WebSEAL configuration file.
- Audit using logaudit
Parent topic: Native Security Verify Access auditing