

Audit Log Files Backup for CA User Activity Reporting Module Integration

To collect audit data, the Report Agent reads the CA Access Control audit log files according to its configuration settings. The Report Agent reads a configured number of audit records from the audit log files at configured intervals. In a default legacy installation, or when you do not enable audit log routing during installation, CA Access Control keeps a single size-triggered audit log backup file. Every time the audit log reaches the configured maximum size, CA Access Control creates a backup file, overwriting the existing audit log backup file. As a result, it is possible that the backup file will be overwritten before the Report Agent reads all of its records.

We strongly recommend that you set CA Access Control to keep time-stamped backups of your audit log file. This way, CA Access Control does not overwrite the backup audit log files until the number of backup files reaches the configured maximum that it should keep. This is the default setting when you enable the audit log routing sub-feature during installation on the endpoint.

Example: Audit Log Backup Settings

This example illustrates how the recommended configuration settings affect CA User Activity Reporting Module integration. When you enable the audit log routing sub-feature during installation on an endpoint, CA Access Control sets the following logmgr section configuration settings:

BackUp_Date=yes
audit_max_files=50

In this case, CA Access Control timestamps each backup copy of the audit log file and keeps a maximum of 50 backup files. This provides plenty of opportunity for the Report Agent to read all of the audit records from the files and for you to copy the backup files for safekeeping if required.

Important! If you set audit_max_files to 0, CA Access Control does not delete backup files and will keep accumulating the files. If you want to manage the backup files through an external procedure, remember that CA Access Control protects these files by default.
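The following simulation is an added illustration, not CA Access Control code: it models the audit log as a stream of record numbers and compares the single size-triggered backup with time-stamped backups under audit_max_files=50 and audit_max_files=0. The burst workload, the 50-record size limit, the 10-record read batch, and the simplified rotation model are constructed assumptions.

```python
def simulate(writes, read_batch, max_records, backup_date, audit_max_files):
    """Model the audit log as a stream of record sequence numbers.

    writes: records written during each Report Agent interval (constructed input).
    Returns (records_read, records_lost, backup_files_on_disk).
    """
    written = cursor = read = lost = 0   # cursor = next record the agent reads
    active_start = 0                     # first record held in the active log
    backups = []                         # (start, end) ranges, oldest first
    for n in writes:
        for _ in range(n):
            written += 1
            if written - active_start < max_records:
                continue
            # Size trigger: the active log becomes a backup file.
            backups.append((active_start, written))
            active_start = written
            if not backup_date:
                keep = 1                  # single backup, overwritten each time
            elif audit_max_files == 0:
                keep = len(backups)       # 0 = never delete backup files
            else:
                keep = audit_max_files
            while len(backups) > keep:
                start, end = backups.pop(0)
                unread = end - max(start, cursor)
                if unread > 0:            # file removed before the agent finished it
                    lost += unread
                    cursor = end
        # Report Agent reads a fixed batch once per interval.
        take = min(read_batch, written - cursor)
        read += take
        cursor += take
    return read, lost, len(backups)


# Constructed workload: 10 busy intervals, then 90 quiet ones.
BURST = [60] * 10 + [0] * 90

if __name__ == "__main__":
    for label, cfg in [("single size-triggered backup", (False, 0)),
                       ("BackUp_Date=yes, audit_max_files=50", (True, 50)),
                       ("BackUp_Date=yes, audit_max_files=0", (True, 0))]:
        print(label, simulate(BURST, 10, 50, *cfg))
```

In this model the agent can read more records over the whole run than are written, yet the single-backup configuration still loses most of the burst, while the time-stamped configurations lose none and differ only in how many files remain on disk.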

More information:

logmgr

logmgr Key—Registry Settings