

Route Audit Events to the Windows Event Log Channel

Valid for Windows Server 2008 only

If you configure CA ControlMinder to route audit events to the Windows event log channel, each time seosd writes an audit event to the CA ControlMinder audit log, a corresponding event is sent to the event log channel. The CA ControlMinder event log channel is named CA-AccessControl-AuthorizationEngine/Audit.

You can also configure CA ControlMinder to send Policy Model audit events to the event log channel. The Policy Model event log channel is named CA-AccessControl-Policy Models/Audit.

To route events to the event log channel

  1. Stop CA ControlMinder using the following command:
    secons -s
    

    CA ControlMinder stops.

  2. Set the value of the SendAuditToNativeChannel token in the logmgr registry subkey to 1.

    Audit events are sent to the Windows event log channel.

  3. (Optional) Set the value of the SendAuditToNativeChannel token in the Pmd registry subkey to 1.

    Policy Model audit events are sent to the Windows event log channel.

  4. Restart CA ControlMinder using the following command:
    seosd -start
    

    CA ControlMinder restarts.

Example: Route Audit Events to the Event Log Channel

The following example routes audit events to the event log channel. You must be in the remote configuration environment (env config) to use this command:

    er config ACROOT section(logmgr) token(SendAuditToNativeChannel) value(1)

Example: Route Policy Model Audit Events to the Event Log Channel

The following example routes Policy Model audit events to the event log channel. You must be in the remote configuration environment (env config) to use this command:

    er config ACROOT section(Pmd) token(SendAuditToNativeChannel) value(1)
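
Example: Verify That Audit Events Reach the Event Log Channel

The following PowerShell check is an added example, not part of the CA ControlMinder documentation. After the restart, it reports whether each channel named above is registered and enabled and when its newest event was written. It assumes PowerShell 2.0 or later (for Get-WinEvent) and an elevated session; the 15-minute staleness threshold is an illustrative value, not a product setting.

```powershell
# Added example: channel names are taken from this page; the
# 15-minute staleness threshold is an assumption for illustration.
$Channels = @(
    'CA-AccessControl-AuthorizationEngine/Audit',
    'CA-AccessControl-Policy Models/Audit'
)
$MaxAgeMinutes = 15

function Test-AuditChannel {
    param([string]$Name, [int]$MaxAgeMinutes)

    # Start from the worst case and upgrade fields as checks pass.
    $result = New-Object PSObject -Property @{
        Channel = $Name; Registered = $false; Enabled = $false
        Records = 0; NewestEvent = $null; Stale = $true
    }

    # -ListLog returns nothing if the channel is not registered on this host.
    $log = Get-WinEvent -ListLog $Name -ErrorAction SilentlyContinue
    if (-not $log) { return $result }

    $result.Registered = $true
    $result.Enabled    = $log.IsEnabled
    $result.Records    = $log.RecordCount

    # An empty channel raises a non-terminating error; suppress it.
    # Get-WinEvent returns newest events first by default.
    $newest = Get-WinEvent -LogName $Name -MaxEvents 1 -ErrorAction SilentlyContinue
    if ($newest) {
        $result.NewestEvent = $newest.TimeCreated
        $age = (Get-Date) - $newest.TimeCreated
        $result.Stale = $age.TotalMinutes -gt $MaxAgeMinutes
    }
    return $result
}

$Channels |
    ForEach-Object { Test-AuditChannel -Name $_ -MaxAgeMinutes $MaxAgeMinutes } |
    Select-Object Channel, Registered, Enabled, Records, NewestEvent, Stale |
    Format-Table -AutoSize
```

The Policy Model channel receives events only if the Pmd token was also set to 1, so an empty or stale result for that channel is expected when the optional step was skipped.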

More information:

Change Configuration Settings