Endpoint Administration Guide for Windows › Monitoring and Auditing › The Auditing Process › How Auditing Works for Audit Events
How Auditing Works for Audit Events
The following diagram and steps demonstrate how auditing works for audit events An audit event is an event for which the kernel cache has enough information to process for auditing purposes; it is also known as a cached intercepted event. An audit event is the result of an interception event being cached.:
Once the kernel notifies CA Access Control about the cached interception event, CA Access Control performs the following actions to log the audit event:
- Reconstructs the audit data using the audit cache out of the information sent by the kernel
- Puts the audit item in the audit queue
|
Copyright © 2012 CA.
All rights reserved.
|
|
