AnsweredAssumed Answered

Audits to File

Question asked by acalbazana on Jan 4, 2018
Latest reply on Jan 10, 2018 by acalbazana

Hello,

 

Revising my question...  I wasn't clear on this at all

 

I have Splunk forwarding agent already installed on my gateways.  I'm looking for the configuration to ONLY log to the default log file.  I already have Splunk ingesting my gateway logs and I want to avoid the DB hits.

 

In Policy Manager, I only see the option in Manage Audit Sinks to send to DB, Sink, or both.  However, I have to choose one.  If writing to the log is done by default, why is a Sink needed? 

 

If it is needed, how should it be configured so that it becomes a No-Op?  Is the intent to have this set up as a "global" audit?  I'm okay with that if it is... Could someone please clarify for me?

 

 

Thanks!

 

Alejandro

Outcomes