Auditing using logaudit

WebSEAL and Plug-in for Web Servers continue to support audit logging that uses the logaudit entries and its related entries in the [aznapi-configuration] stanza. This approach uses the following stanza entries:

[aznapi-configuration]
logaudit
auditlog
auditcfg
logsize
logflush

This approach is comparable to the logcfg entry with a file agent.

For example, to capture authentication events, you can set the configuration file entries as follows:

[aznapi-configuration]
logaudit = yes
auditcfg = authn
auditlog = /var/pdweb/log/audit.log
logsize = 2000000
logflush = 20

If you are still using the logaudit approach, consider using the logcfg approach. The logcfg approach provides more configuration options, such as buffer size and event queues, and the ability to use the console, pipe, and remote log agents.