Previous Topic: The Audit LogNext Topic: Audit Display Filters


Audit Record Filters

The audit.cfg file filters audit records on a host by defining records that should not be sent to the audit file. Each line in the file represents a rule for filtering out audit information (that is, the records that match the criteria in the line will not appear in the audit file). This filter helps to limit the size of the seos.audit file by keeping only the records needed. You can edit the audit.cfg file to suit your enterprise requirements.

By default, the audit.cfg file is located in the ACInstallDir/etc directory (UNIX) or ACInstallDir\data directory (Windows). You can change the location of the audit.cfg file by editing the [logmgr] AuditFiltersFile token in the seos.ini file (UNIX), or the AuditFiltersFile entry in the logmgr registry key (Windows).

The CA ControlMinder Engine, seosd, reads the audit.cfg file at startup. When a message is sent to the audit file, seosd checks if the message matches one of the rules in the audit.cfg file. If the message matches a rule, the message is not written to the audit file.

Note: For more information about the audit.cfg file, see the Reference Guide.