Audit event logging overview
Use the Audit Configuration feature to enable logging of audit events.
Before you begin
- If you plan to use a syslog server on a remote machine, ensure that you have the information of the location of the syslog server.
- If you plan to use a TLS type protocol, ensure that the server certificate was imported into the chosen certificate database.
- If you plan to use client certificate to authenticate to the syslog server, ensure that the certificate is trusted by the syslog server. The certificate must be imported into the chosen certificate database.
About this task
Procedure
Results
Notes:
- Audit events that are generated by Advanced Access Control vary in size. Some events can exceed default sizes of some remote syslog server implementations. Ensure that remote syslog servers are configured to handle large events. Consider configuring the servers to accept audit records up to 6 kB in size. Truncation of audit events by the servers may occur if the limits are not sufficiently increased.
- When you choose a protocol, use TLS. TLS is the preferred protocol for production environments.
What to do next
Deploy the configuration settings.