Policy Server Guides › Policy Server Administration Guide › Configuring Policy Server Data Storage Options › Configure a Separate Database for the Audit Logs

Configure a Separate Database for the Audit Logs

The audit log database is where the Policy Server stores audit logs containing event information.

Storing audit logs in a database has the potential add to latency to your environment. This latency occurs because of the additional traffic between the Policy Server and the database. As the amount of transactions increase, this database latency can affect the performance of the Policy Server. When the database slows down, the Policy Server also slows down.

Consider logging to a text file and exporting those logs to a database as an alternative if the performance of your database is unacceptable.

Follow these steps:

1. Choose Audit Log from the Database drop-down list.
2. Choose an available storage type from the Storage drop-down list.
3. Specify Storage Options appropriate for the chosen storage type.
4. Click Apply to save your settings, or click OK to save the settings and exit the Console.

When deciding whether to store the Policy Server audit logs in an ODBC database or text file, consider the following factors:

• CA SiteMinder® Reporting requires that the audit logs are written to an ODBC database. Reporting does not support the text file logs.
• CA SiteMinder® audit logging to an ODBC database and to a text file supports internationalization (I18N).
• By default, CA SiteMinder® administrator changes to policy store objects are not written to the audit database. These object changes are written to text files that are located in the siteminder_home\audit directory. You can configure CA SiteMinder® to include these events in reports.
• Synchronous logging affects the performance of the Policy Server more than asynchronous logging does.
• When logging to an ODBC database, set the following registry key values in the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\Database\ registry location. These settings helps prevent losing auditing data under heavy load:

  ConnectionHangwaitTime

  We recommend 60 seconds for heavy loads. The default is 30 seconds.

  QueryTimeout

  We recommend 30 seconds for heavy loads. The default is 15 seconds.

  LoginTimeout

  We recommend 30 seconds for heavy loads. The default is 15 seconds.

  Note: The value of ConnectionHangwaitTime must always be at least double the value of QueryTimeout and LoginTimeout.

More information:

Record Administrator Changes to Policy Store Objects

How to Include CA SiteMinder® Administrative Audit Events in Reports