Route Audit Events to the Windows Event Log

Endpoint Administration Guide for Windows › Monitoring and Auditing › Viewing Audit Events › Route Audit Events to the Windows Event Log

Route Audit Events to the Windows Event Log

If you configure CA Access Control to route audit events to the Windows event log, each time seosd writes an audit event to the CA Access Control audit log, a corresponding event is sent to the event log. You can also configure CA Access Control to send Policy Model audit events to the event log.

To route events to the event log

Stop CA Access Control using the following command:
```
secons -s
```
CA Access Control stops.
Set the value of the SendAuditToNativeLog configuration setting in the logmgr section to 1.
Audit events are sent to the Windows event log.
(Optional) Set the value of the SendAuditToNativeLog configuration setting in the Pmd section to 1.
Audit events for policy models are sent to the Windows event log.
Restart CA Access Control using the following command:
```
seosd -start
```
CA Access Control restarts.

Example: Route Audit Events to the Event Log

The following example routes audit events to the event log. You must be in the remote configuration environment (env config) to use this command:

er config ACROOT section(logmgr) token(SendAuditToNativeLog) value(1)

Example: Route Policy Model Audit Events to the Event Log

The following example routes Policy Model audit events to the event log. You must be in the remote configuration environment (env config) to use this command:

er config ACROOT section(Pmd) token(SendAuditToNativeLog) value(1)

More information:

Change Configuration Settings