Installation Guides › Implementation Guide › Architectural Considerations › Architectural Use Cases › Redundancy and High Availability › Policy Server to Audit Store Communication

Policy Server to Audit Store Communication

By default, each Policy Server stores its own audit information to a text file. This text file is known as the Policy Server log. You can configure a Policy Server to log audit data directly to a database.

SOA Security Manager audit logs are typically used for audit and compliance purposes. Consider the following:

• Having all Policy Servers write to a centralized audit store, where all data can be queried at once, may be preferable. If you deploy a centralized audit store, we recommend a highly available deployment.

  Note: For more information about configuring an audit store, see the Policy Server Installation Guide. For more information about configuring failover, see the DNA Always Current Scheduler.

  Important! If you enable synchronous auditing, we recommend configuring failover to prevent an audit store outage from stopping all Policy Server authentications and authorizations. The Policy Server does not return the result of Agent authentication and authorization requests until the record is saved in the audit database. Users are not authenticated or authorized until the record is saved. For more information about configuring failover, see the DNA Always Current Scheduler.

• If your deployment cannot permit Policy Servers to write to a centralized audit store, you can use the smauditimport utility to import individual Policy Server logs into a centralized audit store.

  Note: For more information about Policy Server logging and the smauditimport tool, see the DNA Always Current Scheduler.

More information:

SOA Security Manager Audit Database