Enabling access control without auditing on a managed computer
If you only enable access control features, the agent enforces the role-based privileges that enable users to log on, access PAM-based application, and run administrative or restricted shell commands. All of the role-based activity is traceable to the user’s own account credentials. However, the audit trail of user activity is only recorded in the computer’s local system log (syslog) facility. Information that is only stored in a computer’s syslog facility can be more difficult to monitor and query than information stored in a central repository such as Microsoft SQL Server database.