Native auditing
Auditing is defined as the logging of audit records. It includes the collection of data about system activities that affect the secure operation of the Verify Identity Access server processes. Each Verify Identity Access server can capture audit events whenever any security-related auditable activity occurs.
Auditing uses the concepts of a record, an audit event, and an audit trail. Each audited activity is called an audit event. The output of a specific server event is called a record. An audit trail is a collection of multiple records that document the server activity.
When configuring for auditing, think about the source of the events that you want to capture. Audit trail files can capture authorization, authentication, and management events that are generated by the Verify Identity Access servers. There are multiple sources for auditing events that you want to gather. You can collect either a combination or all the different types of auditing events at the same time. Table 1 shows some of the event types that can be used for native auditing.
| Event category | Description |
|---|---|
| audit.authz | Authorization events for WebSEAL servers, currently, WebSEAL servers might or might not generate authorization events. |
| audit.azn | Authorization events for base servers |
| audit.authn | Authentication, credential acquisition authentication, password change, and logout events |
| audit.authn.successful | Successful authentication credential acquisition authentication, password change, and logout events |
| audit.authn.unsuccessful | Failed authentication credential acquisition authentication, password change, and logout events |
| audit.http | HTTP access events |
| audit.http.successful | Successful HTTP access events |
| audit.http.unsuccessful | Failed HTTP access events |
| audit.mgmt | Management events |
| http | HTTP logging information |
| http.clf | HTTP request
information defined by the request-log-format
configuration entry in the [logging] stanza. clf stands
for common log format. |
| http.ref | HTTP Referrer header information |
| http.agent | HTTP User Agent head information |