Configuring Enterprise Server Auditing

You can configure the audit facility to use syslog to create audit events and then specify where the events are sent.

The configuration is specified in the audit.cfg file, which must be located in the Enterprise Developer bin directory: %ProgramFiles(x86)%\Micro Focus\Enterprise Developer\bin (Windows) or $COBDIR/bin (UNIX). The configuration file follows the standard INI file format, containing sections, properties and values.

The configuration file is read when the audit process is initialized. Changes made to the configuration file are not picked up by the audit process that is running. You must restart the audit process to reload a modified configuration file.

The following is an example of the audit.cfg configuration file:

[audit]
; The type of emitter used to output audit events, valid values [syslog]|[oldaudit].
emitter=syslog

; This section is for configuring the syslog emitter
[syslog]
; The hostname and port of the syslog collector, where the syslog packets are sent.
; The hostname may be a host name string, dotted IPv4 or hex IPv6 notation.
; If you are using TLS, the hostname value may be used for hostname verification. See serverCertHostname for more information.
hostname=
port=

; protocol: Specifies the protocol syslog should use, valid values [TCP]|[TLS].
protocol=TLS

; All configuration values for syslog below this point are optional:
; tzKnown: If the timezone of this machine is known, this value should be 1. 
; If not known, it should be 0.
tzKnown=1
; isSynced: If this machine's clock is synced to a known external source, this must be set to 1. 
; Otherwise, it must be 0.
isSynced=0
; syncAccuracy: The accuracy to which the machine's clock is synced. This is an integer, in 
; microseconds, that the machine's clock may be off.
syncAccuracy=
; ip: The IP address of this machine. This may be a comma-delimited list, in the case of 
; multi-homed devices.
ip=192.168.0.1

; maxRetryTime: Configure how long (in seconds) the audit process should spend attempting to re-send data if a failure occurs.
; The application will continue retrying until a time greater than this value has elapsed.
; Negative values mean an infinite timeout. Defaults to 1.
maxRetryTime=1


; This section is for TLS configuration, which may be used by syslog.
[TLS]
; CARootFile: This is the certificate authority root file the client uses when connecting to verify 
; the server's certificate.
CARootFile=C:\Program Files (x86)\Micro Focus\DemoCA\private\CARootcert.pem

; All configuration values for TLS below this point are optional
; verifyServer: Specifies whether the client should verify the server's certificate or not. 
; Valid values: [true]|[false]. Default value is true.
verifyServer=true
; clientCertificate: The full file path to the client's certificate:
clientCertificate=C:\Program Files (x86)\Micro Focus\DemoCA\clicert.pem
; keyfile: The full file path to the client's key file:
keyfile=C:\Program Files (x86)\Micro Focus\DemoCA\clikey.pem
; keyfilePassphrase: If the keyfile has a passphrase, it is specified here:
keyfilePassphrase=srvrootpwd
; serverCertHostname: The value that is compared against the hostname on the server's certificate.
; If this is not specified (not present/commented out), the hostname specified in the syslog section is used by default.
; If the key is present with no value, for example 'serverCertHostname=', hostname verification is disabled.
; As written below, the empty value disables hostname verification; comment the line out to verify
; against the hostname in the syslog section.
serverCertHostname=
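
The settings described above that weaken the audit channel can be checked mechanically before the audit process is restarted. The following Python script is an added example, not part of the product or its documentation. It assumes emitter=syslog and that section and key names are spelled exactly as in the example above; the sample input, including the file path, is constructed.

```python
import configparser

# Constructed sample in the shape of the page's example; the path is a placeholder.
SAMPLE = r"""
[audit]
emitter=syslog
[syslog]
hostname=
port=
protocol=TLS
[TLS]
CARootFile=C:\certs\CARootcert.pem
verifyServer=true
keyfilePassphrase=srvrootpwd
serverCertHostname=
"""

def check_audit_cfg(text):
    """Return (section, key, finding) tuples for the text of an audit.cfg file."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' in paths is literal
    cp.optionxform = str  # assumption: key names are spelled as on the page
    cp.read_string(text)

    def get(section, key):
        # None: key absent or commented out; "": key present with no value
        return cp.get(section, key).strip() if cp.has_option(section, key) else None

    out = []
    for key in ("hostname", "port"):
        if not get("syslog", key):
            out.append(("syslog", key, "collector address is not set"))
    proto = (get("syslog", "protocol") or "").upper()
    if proto == "TCP":
        out.append(("syslog", "protocol", "audit events are sent without TLS"))
    elif proto != "TLS":
        out.append(("syslog", "protocol", "expected TCP or TLS"))
    else:
        if not get("TLS", "CARootFile"):
            out.append(("TLS", "CARootFile", "no CA root file to verify the server"))
        if (get("TLS", "verifyServer") or "true").lower() == "false":
            out.append(("TLS", "verifyServer", "server certificate is not verified"))
        if get("TLS", "serverCertHostname") == "":
            out.append(("TLS", "serverCertHostname", "empty: hostname verification disabled"))
        if get("TLS", "keyfilePassphrase"):
            out.append(("TLS", "keyfilePassphrase", "passphrase stored in clear text"))
    return out

if __name__ == "__main__":
    for section, key, finding in check_audit_cfg(SAMPLE):
        print(f"[{section}] {key}: {finding}")
```

A commented-out serverCertHostname line is not reported, because in that case the hostname from the syslog section is used for verification.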