Previous Topic: The Auditing ProcessNext Topic: Kernel and Audit Caches


How Auditing Works for Audit Events

The following diagram and steps demonstrate how auditing works for audit events:

The diagram describes how auditing works for audit events

Once the kernel notifies CA ControlMinder about the cached interception event, CA ControlMinder performs the following actions to log the audit event:

  1. Reconstructs the audit data using the audit cache out of the information sent by the kernel
  2. Puts the audit item in the audit queue