You can use a filter file to prevent CA ControlMinder from sending every audit record in the log file to CA User Activity Reporting. The filter file specifies the audit records that are not sent to CA User Activity Reporting.
Note: This filter file prevents CA ControlMinder from sending the specified audit events to the Distribution Server, but does not stop CA ControlMinder from writing the audit events to the local files. To filter out audit events from the local audit file, modify the filter rules in the file defined by the AuditFiltersFile configuration setting in the logmgr section (by default, audit.cfg).
To filter events from CA User Activity Reporting, edit the audit filter file on the endpoint. If you want to apply the same filtering rules to more than one endpoint, we recommend that you create an audit filtering policy and assign the policy to the endpoints where you want it to be effective.
Note: For more information, see the Reference Guide.
Example: Audit Filter Policy
This example shows you what an audit filtering policy looks like:
env config
er config auditrouteflt.cfg line+("FILE;*;*;R;P")
This policy writes the following line to the auditrouteflt.cfg file:
FILE;*;*;R;P
This line filters audit records that record a permitted attempt by any accessor to access any file resource for reading. CA ControlMinder will not send these audit records to the Distribution Server.
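To preview which records a filter line would keep from the Distribution Server before assigning the policy, the following added example (not CA code) models the matching in Python. The five-field order (class; resource; accessor; access; result), the shell-style handling of *, the D result code and the sample records are assumptions inferred from the description above, not taken from the product.

```python
from fnmatch import fnmatchcase

# Assumed field order, inferred from the page's description of "FILE;*;*;R;P".
FIELDS = ("class", "resource", "accessor", "access", "result")


def parse_rule(line):
    """Split one filter line into its five fields; reject malformed lines."""
    parts = [p.strip() for p in line.strip().split(";")]
    if len(parts) != len(FIELDS) or not all(parts):
        raise ValueError(f"expected {len(FIELDS)} non-empty fields: {line!r}")
    return dict(zip(FIELDS, parts))


def is_filtered(record, rules):
    """True if any rule matches every field of the record (record is not routed)."""
    return any(
        all(fnmatchcase(record[f], rule[f]) for f in FIELDS)  # assumed '*' semantics
        for rule in rules
    )


def split_records(records, rule_lines):
    """Return (routed, filtered); both groups still exist in the local audit file."""
    rules = [parse_rule(line) for line in rule_lines]
    routed, filtered = [], []
    for rec in records:
        (filtered if is_filtered(rec, rules) else routed).append(rec)
    return routed, filtered


# Constructed sample records, not real CA ControlMinder output.
SAMPLE = [
    {"class": "FILE", "resource": "/etc/hosts", "accessor": "alice", "access": "R", "result": "P"},
    {"class": "FILE", "resource": "/etc/shadow", "accessor": "bob", "access": "R", "result": "D"},
    {"class": "FILE", "resource": "/etc/hosts", "accessor": "alice", "access": "W", "result": "P"},
    {"class": "PROGRAM", "resource": "/bin/su", "accessor": "bob", "access": "R", "result": "P"},
]

if __name__ == "__main__":
    routed, filtered = split_records(SAMPLE, ["FILE;*;*;R;P"])
    for rec in routed:
        print("routed:  ", rec)
    for rec in filtered:
        print("filtered:", rec)
```

With the example rule, only the permitted FILE read is held back; the denied read, the write and the non-FILE record are still routed.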
Copyright © 2013 CA Technologies.
All rights reserved.