Previous Topic: Route Audit Events to the Windows Event Log ChannelNext Topic: Audit Record Filters


The Audit Log

The audit log is stored in a file. The value audit_log in the following Windows registry subkey specifies the location of the audit log file:

HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\logmgr

The default value for this key is:

C:\Program Files\CA\Access Control\log\seos.audit

By default, CA ControlMinder automatically backs up the audit log when it reaches 1024 KB. You can change this size by changing the value audit_size in the subkey:

HKEY_LOCAL_MACHINE\Software\ComputerAssociates\AccessControl\logmgr

You can also choose to back up the audit log periodically (daily, weekly, or monthly) by changing the value BackUp_Date in the Windows registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\logmgr

Note: For more information about these registry subkeys, see the Reference Guide.

Using Audit Logs

CA ControlMinder provides two built‑in tools for viewing, filtering, and searching the audit logs:

You can display every record in the audit log, or you can use filters to select particular records from the audit log.

The remainder of this chapter describes how to view the records in the audit log when using audit filters in CA ControlMinder Endpoint Management.