XYGATE User Authentication Reference Manual
XYPRO Technology Corporation 51 Proprietary and Confidential
Chapter 9. Deciding on the Amount of
Logon-Specific Auditing
After the criteria are developed and the behavior determined for both successful and
failed logons, the auditing can be modified.
In general, auditing is determined by the values defined by the keywords described in
Appendix A: “The UACONF File.” These keywords will override specific XUA logon
rules.
9.1 Keywords
The NOAUDIT keyword causes the logon event to be omitted from the audit tables.
The EMS_CRITICAL_IF_DENIED keyword causes failed-authentication audit
messages to be marked as critical, an internal audit attribute. When the AUDIT
keyword includes the CRITICAL sub-keyword, only messages marked as critical are
included in the audit. When audit messages marked as critical are sent to a collector
via the EMS SPI interface, messages are sent with the EMS CRITICAL attribute set.
The AUDIT_ACCESS_PASS keyword determines if the successful logon event will be
written to the audit logs.
The AUDIT_ACCESS_FAIL keyword determines if the failed logon event will be written
to the audit logs.