Audit Trail Overrides

This setting specifies whether to override the global audit trail targets. If this parameter is set, the system uses the targets value in the current component; otherwise, the system uses the global configured value.

There are two target settings that can be overridden:

  • Whether the system sends the audit trail information to DirectAudit or not
  • Whether the system sends the audit trail information to the local logging system or not. On UNIX systems, the local logging system is syslog and on Windows systems it's the Windows event log.

For this setting, you specify a single numeric value to represent where the system will send the audit trail information. (Setting one value to signify two settings is called a bit mask.) The possible settings are as follows:

Value Override whether the audit trail information is sent to DirectAudit? Override whether the audit trail information is sent to the local logging system? Description
0

No

No

There is no override to the audit trail target of the current component. The system uses the global audit trail target value.

1

Yes

No

The system overrides just the audit trail target for DirectAudit.

This capability is supported by DirectAuditversion 3.2 and later.

2

No

Yes

The system overrides just the audit trail target for the local logging system.

If you're using a DirectAuditversion prior to version 3.2, this is the default setting.

3

Yes

Yes

The system overrides both the audit trail targets for DirectAuditand the local logging system.

If you're using DirectAuditversion 3.2 or later, this is the default setting.

This group policy modifies the audittrail.<product>.<component>.overrides settings in the agent configuration file. Each category has its own setting in that file.