Settings in the auditlog.conf file

Ops Center Automator Installation and Configuration Guide

Version

11.0.x

Audience

anonymous

Part Number

MK-99AUT000-24

You can set the following values in the auditlog.conf file.

Log.Facility (Linux only)

Specify a numeric value for the facility (the log type) required to output audit log data to the syslog file in Linux. (Default value: 1)

Log.Facility is ignored in Windows, even if it is specified. If an invalid value or a non-numeric character is specified, the default value is used.

The following table shows the correspondence between the specifiable values for Log.Facility and the facility defined in the syslog.conf file.

Specifiable value for `Log.Facility`	Facility defined in the syslog.conf file
`1`	`user`
`2`	`mail`^*
`3`	`daemon`
`4`	`auth`^*
`6`	`lpr`^*
`16`	`local0`
`17`	`local1`
`18`	`local2`
`19`	`local3`
`20`	`local4`
`21`	`local5`
`22`	`local6`
`23`	`local7`
*: Although you can specify this value, we do not recommend that you specify it.

To filter audit logs output to the syslog file, you can combine the facility specified for Log.Facility and the severity specified for each audit event.

The following table shows the correspondence between the severity of audit events and the severity defined in the syslog.conf file.

Severity of audit events	Severity defined in the syslog.conf file
0	`emerg`
1	`alert`
2	`crit`
3	`err`
4	`warning`
5	`notice`
6	`info`
7	`debug`

Log.Event.Category

Specify the audit event categories to be output. (Default value: none)

When specifying multiple categories, use commas (,) to separate them. In this case, do not insert spaces between categories and commas. If Log.Event.Category is not specified, audit log data is not output. Log.Event.Category is not case-sensitive. If an invalid category name is specified, the specified file name is ignored.

Valid categories: StartStop, Failure, LinkStatus, ExternalService, Authentication, AccessControl, ContentAccess, ConfigurationAccess, Maintenance, or AnomalyEvent

Log.Level (Effective in Windows only)

Specify the severity level of audit events to be output. (Default value: 6)

Events with the specified severity level or lower will be output to the event log file.

For details about the severity of each audit event, see the list of audit events output to the audit log.

Log.Level has an effect in Windows only. Log.Level is ignored in Linux, even if it is specified. Also, if an invalid value or a non-numeric character is specified, the default value is used.

The following table shows the correspondence between the specifiable value for Log.Level and the levels displayed in the event log.

Specifiable value for `Log.Level`	Levels displayed in the event log
`0`	Error
`1`
`2`
`3`
`4`	Warning
`5`	Information
`6`
`7`