Previous Topic: Setting Audit RulesNext Topic: How CA ControlMinder Determines the Audit Mode for a User


Defining the Audit Events That CA ControlMinder Writes to the Audit Log

CA ControlMinder writes access success and failures to the audit log. You define which access events CA ControlMinder writes to the audit log, by changing the value of the AUDIT property for the resource or accessor that you want to audit. You can also use this method to specify that CA ControlMinder logs every trace event to the audit log.

You use the AUDIT property to specify the audit events that CA ControlMinder writes to the audit log. Use selang or CA ControlMinder Endpoint Management to set the AUDIT property for resources and accessors as follows:

Value of AUDIT

What CA ControlMinder Logs

Applicable Objects

FAIL

Access failures

Users and resources

SUCCESS

Access successes

Users and resources

LOGINFAIL

Login failures

Users

LOGINSUCCESS

Login successes

Users

ALL

Equivalent to FAIL, SUCCESS, LOGINFAIL, LOGINSUCCESS, INTERACTIVE

Users and resources

TRACE

Equivalent to ALL plus all system events

Users

INTERACTIVE

User sessions on UNIX computers

Users

NONE

No logging

Users and resources

Note: If the audit property of a user is not set, the AUDIT value of a group or profile group can affect the audit mode CA ControlMinder uses for the user.