We are currently evaluating RSA Authentication Manager 8.2. One of the requirements is regular exporting of all Audit data to an external audit server. Preferably in syslog format.
The files messages, imsAdminAudit.log, imsRuntimeAudit.log and imsSystem.log would be ideal. However these files appear not to contain all audit records. For example, the Administrator's Guide specifically states for imsAdminAudit.log:
Note: Only contains data not written to the
Administrative Audit log stored in the internal
database.
And this is what we are seeing. Only a subset of records are contained in these files.
Is there a way to get a complete set of audit records in one or more files?
Ran across this post when researching a similar issue. Better late than never! For historical tracking - I would check out 000032240 - Formatting for syslog data sent from RSA Authentication Manager 8.x