In the [logmgr] section, the tokens control the behavior of the logging facility.
Specifies the name of the audit log backup file. Only CA ControlMinder can write to this file. Users can have READ access only to this file.
Default: ACInstallDir/log/seos.audit.bak
Specifies the group that can read the audit logs. If you set this token to none, only root can read the audit logs. CA ControlMinder does not verify the value of this token, so if you enter an invalid group name, CA ControlMinder does not assign any group permissions to the audit log files.
To change the group ownership of an existing audit log file, complete the following steps:
Use the selang command chgrp to set the group ownership of the files.
Change the UNIX permissions by entering the following command:
chmod 640 ACInstallDir/log/seos.audit
Default: none
Specifies the name of the audit log file. When this file reaches the size specified in audit_size, CA ControlMinder closes the file, renames it with the name in audit_back, and creates a new audit log. Only CA ControlMinder can write to this file. Users can have READ access only to this file.
Default: ACInstallDir/log/seos.audit
Defines the maximal number of audit log backup files CA ControlMinder accumulates when it performs date-triggered backups. When the BackUp_Date configuration setting is set to anything other than none, CA ControlMinder continuously accumulates date-triggered backup files. This configuration setting lets you reduce disk space CA ControlMinder uses for audit log backups. When the number of audit log backup files reaches the limit you set, CA ControlMinder deletes the oldest backup file when it creates the newest.
Values:
Note: You cannot remove redundant audit log backup files manually because CA ControlMinder protects these automatically. Also, if the audit reporting is enabled, CA ControlMinder does not delete a backup file until the Report Agent finishes processing it.
Default: 0
Specifies the maximum size, in KB, of the audit log file.
Minimum value: 50 KB.
Default: 10240
Note: CA ControlMinder stops writing audit records to the audit file when the audit file size exceeds 2 GB.
Specifies the criterion by which CA ControlMinder backs up the audit log file, and if CA ControlMinder adds a timestamp to the backup file name.
CA ControlMinder always backs up the audit log file when it reaches the size specified in the audit_size configuration setting.
Values: none, yes, daily, weekly, monthly
Note: CA ControlMinder counts the specified interval from the time that it creates the first audit log file, and backs up the file at midnight on the appropriate day.
Example: The configuration setting has a value of weekly and CA ControlMinder creates the audit log file at 9:00 a.m. Friday 1 April. Many audit events occur this week and the audit log file exceeds the audit_size configuration setting on Monday 4 April. CA ControlMinder backs up the audit log file on 4 April and adds a timestamp to the backup file name. A week after the audit log file was first created, at midnight Friday 8 April, CA ControlMinder again backs up the audit log file and adds a timestamp to the backup file name.
Default: NONE
Specifies the name of the error log backup file.
Default: ACInstallDir/log/seos.error.bak
Specifies the group that can read the error log files. If you set this token to none, only root can read the error log files. CA ControlMinder does not verify the value of this token, so if you enter an invalid group name, CA ControlMinder does not assign any group permissions to the error log files.
To change the group ownership of an existing error log file, complete the following steps:
Use the selang command chgrp to set the group ownership of the files.
Change the UNIX permissions by entering the following command:
chmod 640 ACInstallDir/log/seos.audit
Default: none
Specifies the name of the error log file. When this file reaches the size specified in error_size, CA ControlMinder closes the file, renames it with the name in error_back, and creates a new error log. Only CA ControlMinder can write to this file.
Default: ACInstallDir/log/seos.error
Defines the maximum size, in KB, of the error log file.
Limits: A minimum value of 50 KB.
Default: 50
Specifies whether the IR API library routes audit events of existing PMDs in addition to the local security daemon audit events.
“all” - routes audit events of Policy Models in addition to the local security daemon audit events.
“localhost” - routes audit events of the local security daemon only.
Default: all
Prevents TCP-CONNECTED records from being written to the audit log.
Set logconnected to No to use this feature.
Default: no
Copyright © 2013 CA Technologies.
All rights reserved.
|
|