AnsweredAssumed Answered

Audits to File

Question asked by acalbazana on Jan 4, 2018
Latest reply on Jan 10, 2018 by acalbazana



Revising my question...  I wasn't clear on this at all


I have Splunk forwarding agent already installed on my gateways.  I'm looking for the configuration to ONLY log to the default log file.  I already have Splunk ingesting my gateway logs and I want to avoid the DB hits.


In Policy Manager, I only see the option in Manage Audit Sinks to send to DB, Sink, or both.  However, I have to choose one.  If writing to the log is done by default, why is a Sink needed? 


If it is needed, how should it be configured so that it becomes a No-Op?  Is the intent to have this set up as a "global" audit?  I'm okay with that if it is... Could someone please clarify for me?