Kernel and Audit Caches

The kernel cache contains data about previously intercepted events. The kernel identifies such cached intercepted events (audit events) and sends them to CA Access Control for processing. Essentially, CA Access Control uses the kernel cache to intercept events that follow the same pattern as a previously intercepted event.

The audit cache contains data that lets CA Access Control reconstruct recurring audit records and send them to the audit queue without following the authorization process. This means that intercepted events for which enough information already exists in the cache (audit events) are processed quickly and added to the audit queue. The data stored in the kernel and audit caches is provided by the authorization engine, from the result of the initial event it intercepted (the interception event).