Hello all. We have a strange finding with Audit Messaging.
In a policy we use the assertion 'Audit Messages in Policy' to record audit events at level INFO.
After this we use assertion 'Require SSL Transport with Client Certificate Authentication'
When this fails we want to save this in the Audit, using 'Add Audit Details', but only if we didn't already save this in the past minute (using cache lookup and store). We use client ip and service to relate to it.
This construction we use a lot, so we have made a Policy fragment for this.
The finding we have that in one policy in PROD environment all events are logged, but not with the Details!
The same policy on other environments (DEV, TEST, QA) only logs 1 Audit Detail per minute per client ip.
Other policies which use the same fragment on PROD environment also log 1 Audit Detail per minute per client.
Does someone hav any idea why this could happen especially on one environment in one policy?
BTW, we use version 11.0.
Thanks in advance for your response.
Sebastian .