Previous Topic: How to Change What CA ControlMinder Writes to the Audit LogNext Topic: Defining the Audit Events That CA ControlMinder Writes to the Audit Log


Setting Audit Rules

For security auditing, CA ControlMinder keeps audit records for events of access denial or access grants according to the audit rules defined in the database.

Every accessor and resource has an AUDIT property that can be set to one or more of the following values:

FAIL

Logs access failures by the accessor to the resource.

SUCCESS

Logs successful accesses by the accessor to the resource.

LOGINFAIL

Logs every logon failure by the accessor. (This value does not apply to resources.)

Note: There are two types of login events; Password Attempt Event(A LOGIN) and Login Event(P/D/W LOGIN). For more information see the Reference Guide.

Important: The Password Attempt Event is valid on Unix only.

LOGINSUCCESS

Logs every successful logon by the accessor. (This value does not apply to resources.)

ALL

Logs the same information as FAIL, SUCCESS, LOGINFAIL, and LOGINSUCCESS for accessors or FAIL and SUCCESS for resources.

NONE

Logs nothing concerning the accessor or resource.

Whenever you create or update an accessor or resource record in the database, you can specify the AUDIT property. You can also specify whether email notification of logged events should be sent and to whom.

The records in the audit log accumulate according to these audit rules. The decision whether to log an event is based on the following:

In addition, if you set a user to be traceable, each time a trace record is written for that user, a corresponding audit record is written to the audit log.