|
|
|
Beginning with SiteMinder v5.x, you can filter the kinds of access events you want to audit and log using the Auditing tab on the Policy Server Management Console. For example, for each of the four event categories you can select Log All Events or Log No Events.
In addition, for the Authentication, Authorization, and Administration categories, you can select Log Rejection Events Only. For example, if this option is selected for the Authentication category, SmLogAccessEvent_AuthReject events would be logged, but SmLogAccessEvent_AuthAccept events would not be. Also, note the following behavior when Log Rejection Events Only is selected:
A login attempt that does not result in an accepted authentication is considered a failure. However, because the authentication was not actually rejected, events are not logged if Log Rejection Events Only is selected.
You can use SmLogAccessEvent_AuthAttempt events for intrusion detection.
A challenge is not considered a failure. It simply indicates a need for additional authentication information. However, because a challenge involves a rejected authentication, events are logged if Log Rejection Events Only is selected.
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |