For security auditing, CA ControlMinder keeps audit records for events of access denial or access grants according to the audit rules defined in the database.
Every accessor and resource has an AUDIT property that can be set to one or more of the following values:
Logs access failures by the accessor to the resource.
Logs successful accesses by the accessor to the resource.
Logs every logon failure by the accessor. (This value does not apply to resources.)
Note: There are two types of login events; Password Attempt Event(A LOGIN) and Login Event(P/D/W LOGIN). For more information see the Reference Guide.
Important: The Password Attempt Event is valid on Unix only.
Logs every successful logon by the accessor. (This value does not apply to resources.)
Logs the same information as FAIL, SUCCESS, LOGINFAIL, and LOGINSUCCESS for accessors or FAIL and SUCCESS for resources.
Logs nothing concerning the accessor or resource.
Logs the same information as ALL and all system events. (This value does not apply to resources.)
Whenever you create or update an accessor or resource record in the database, you can specify the AUDIT property. You can also specify whether email notification of logged events should be sent and to whom.
The records in the audit log accumulate according to these audit rules. The decision whether to log an event is based on the following:
In addition, if you set a user to be traceable, each time a trace record is written for that user, a corresponding audit record is written to the audit log.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|