Endpoint Administration Guide for Windows › Monitoring and Auditing › The Auditing Process › How Auditing Works for Audit Events
How Auditing Works for Audit Events
The following diagram and steps demonstrate how auditing works for audit events An audit event is an event for which the kernel cache has enough information to process for auditing purposes; it is also known as a cached intercepted event. An audit event is the result of an interception event being cached.:
Once the kernel notifies CA ControlMinder about the cached interception event, CA ControlMinder performs the following actions to log the audit event:
- Reconstructs the audit data using the audit cache out of the information sent by the kernel
- Puts the audit item in the audit queue
Copyright © 2013 CA Technologies.
All rights reserved.
|
|