When we deploy policies with the GMU we get a lot of Server Updated messages in the auditlog. We want to exclude this kind of audit records because it fills the database without usefull information. Is it possible to exclude these messages (without a code number)?
Node : vws-dca-wsgt-01.mst.mhsrijk.nlTime : 20170215 22:07:30.644Severity : FINEMessage : Server UpdatedAudit Record ID: 299f6f0655d71aeba026e2cab62c47bd
Event Type : System MessageNode IP : 10.136.107.10Action : UpdatedComponent : SecureSpan Gateway: ServerEntity name : Server
From reviewing your post it appears that the audit levels are set very low level. Please check the cluster wide properties for audit levels, log.levels, and the log settings in Manage Audit and Log section to ensure none are set low. Default for most is warning.
Director, CA Support
Thank you for responding. I get these audit messages with the default configuration. Even when I change the audit.adminThreshold, audit.detailThreshold and log.stdoutlevel to WARNING it is logged in the audit database. Maybe there is some hidden feature to disable these messages or a good reason to get these messages in the first place?
I've investigated this further and found that these messages are not configurable as noted in the documentation Gateway Auditing Threshold and Format - CA API Gateway - 9.2 - CA Technologies Documentation as the System Messages. I would suggest that you open an idea through the community as to how you would like to see this changed.
Thank you Stephen, I created an idea for configurable system audit events,
Make system audit events configurable