Route Audit Events to the Windows Event Log Channel

Valid for Windows Server 2008 only

If you configure CA Access Control to route audit events to the Windows event log channel, each time seosd writes an audit event to the CA Access Control audit log, a corresponding event is sent to the event log channel. The CA Access Control event log channel is named CA-AccessControl-AuthorizationEngine/Audit.

You can also configure CA Access Control to send Policy Model audit events to the event log channel. The Policy Model event log channel is named CA-AccessControl-Policy Models/Audit.

To route events to the event log channel

  1. Stop CA Access Control using the following command:

    secons -s

    CA Access Control stops.

  2. Set the value of the SendAuditToNativeChannel token in the logmgr registry subkey to 1.

    Audit events are sent to the Windows event log channel.

  3. (Optional) Set the value of the SendAuditToNativeChannel token in the Pmd registry subkey to 1.

    Policy Model audit events are sent to the Windows event log channel.

  4. Restart CA Access Control using the following command:

    seosd -start

    CA Access Control restarts.

Example: Route Audit Events to the Event Log Channel

The following example routes audit events to the event log channel. You must be in the remote configuration environment (env config) to use this command:

er config ACROOT section(logmgr) token(SendAuditToNativeChannel) value(1)

Example: Route Policy Model Audit Events to the Event Log Channel

The following example routes Policy Model audit events to the event log channel. You must be in the remote configuration environment (env config) to use this command:

er config ACROOT section(Pmd) token(SendAuditToNativeChannel) value(1)
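
To confirm that routing took effect after the restart, the following added check (not part of the CA Access Control documentation) queries the two channels named above and reports whether each is registered, enabled, and receiving events. It assumes PowerShell 2.0 or later is installed on the server and an elevated prompt; the function name Test-AuditChannel and the 60-minute freshness threshold are illustrative choices.

```powershell
# Added example: verify the two event log channels named on this page.
# Assumes PowerShell 2.0 or later (Get-WinEvent) and an elevated prompt.
$channels = @(
    'CA-AccessControl-AuthorizationEngine/Audit',
    'CA-AccessControl-Policy Models/Audit'   # populated only if step 3 was done
)

# Hypothetical helper: reports the state of one channel.
function Test-AuditChannel {
    param([string]$Name, [int]$MaxAgeMinutes = 60)

    $result = New-Object PSObject -Property @{
        Channel = $Name; Exists = $false; Enabled = $false
        RecordCount = 0; NewestEvent = $null; Status = 'channel not registered'
    }

    # -ListLog returns the channel's configuration, or nothing if it is absent.
    $log = Get-WinEvent -ListLog $Name -ErrorAction SilentlyContinue
    if (-not $log) { return $result }

    $result.Exists = $true
    $result.Enabled = $log.IsEnabled
    $result.RecordCount = $log.RecordCount
    if (-not $log.IsEnabled) { $result.Status = 'channel disabled'; return $result }

    # Get-WinEvent returns newest first; an empty channel yields no object.
    $newest = Get-WinEvent -LogName $Name -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $newest) { $result.Status = 'no events yet'; return $result }

    $result.NewestEvent = $newest.TimeCreated
    $age = (Get-Date) - $newest.TimeCreated
    if ($age.TotalMinutes -le $MaxAgeMinutes) {
        $result.Status = 'receiving events'
    } else {
        $result.Status = "stale: newest event older than $MaxAgeMinutes minutes"
    }
    return $result
}

$channels | ForEach-Object { Test-AuditChannel -Name $_ } |
    Format-Table Channel, Enabled, RecordCount, NewestEvent, Status -AutoSize
```

A status of "no events yet" directly after the restart is expected until seosd writes its next audit record; a status of "stale" on a busy host suggests the token was not set or the service was not restarted.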

More information:

Change Configuration Settings

The Policy Model Database