Auditing

There are two methods for auditing different types of activity by configuring the ESCWA interface:

Enable Consolidated Tracing Facility Auditing

You can configure process auditing by enabling the Consolidated Tracing Facility (CTF) trace file, this will collect information on security-related events and preserve it for later review. To enable CTF auditing, perform the following steps:

  1. Click the configuration () icon at the top right of the page.

    This opens the Enterprise Server Administration Configuration dialog box.

  2. Click Tracing and Logging Settings.

    This expands the section.

  3. Check Enable Auditing.
  4. Click Apply.

This will log ESCWA audit events in category 2 and 5. See Audit Event Codes for more information.

Enable External Security Facility Auditing

You can configure External Security Facility (ESF) auditing to collect information about ESCWA ESF events. To enable ESCWA ESF auditing, perform the following steps:

  1. In the menu bar, click Security.
  2. Click ESCWA Configuration in the navigation pane.

    This displays the ESCWA Security Facility Configuration page.

  3. Check Create audit events.
  4. Click Apply.

See Enterprise Server Auditing chapter and the Configuring Enterprise Server Auditing topic for more information on the configuration requirements outside of ESCWA including the audit.cfg file.

Note: You can also configure ESF auditing in the context of Directory Servers, the default security ESF configuration, and specific enterprise server region ESF configuration.
Parent topic: Enterprise Server Common Web Administration
Related reference
Tracing and Logging Settings
Enterprise Server Auditing
Restricting ESCWA with ESF
Audit Event Codes
Configuring Enterprise Server Auditing