To collect audit data, the Report Agent reads the CA ControlMinder audit log files according to its configuration settings. The Report Agent reads a configured number of audit records from the audit log files at configured intervals. In a default legacy installation, or when you do not enable audit log routing during installation, CA ControlMinder keeps a single size-triggered audit log backup file. Every time the audit log reaches the configured maximum size, it creates a backup file, overwriting the existing audit log backup file. As a result, it is possible that the backup file will be overwritten before the Report Agent read all of its records.
We strongly recommend that you set CA ControlMinder to keep time-stamped backups of your audit log file. This way, CA ControlMinder does not overwrite the backup audit log files until it reaches a configured maximum of audit log files it should keep. This is the default setting when you enable the audit log routing sub-feature during installation on the endpoint.
Example: Audit Log Backup Settings
This example illustrates how the recommended configuration settings affect CA User Activity Reporting integration. When you enable the audit log routing sub-feature during installation on an endpoint, CA ControlMinder sets the following logmgr section configuration settings:
BackUp_Date=yes audit_max_files=50
In this case, CA ControlMinder timestamps each backup copy of the audit log file and keeps a maximum of 50 backup files. This provides plenty of opportunity for the Report Agent to read all of the audit records from the files and for you to copy the backup files for safe keeping if required.
Important! If you set audit_max_files to 0, CA ControlMinder does not delete backup files and will keep accumulating the files. If you want to manage the backup files through an external procedure, remember that CA ControlMinder protects these files by default.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|