We are currently evaluating RSA Authentication Manager 8.2. One of the requirements is regular exporting of all Audit data to an external audit server. Preferably in syslog format.
The files messages, imsAdminAudit.log, imsRuntimeAudit.log and imsSystem.log would be ideal. However these files appear not to contain all audit records. For example, the Administrator's Guide specifically states for imsAdminAudit.log:
Note: Only contains data not written to the
Administrative Audit log stored in the internal
And this is what we are seeing. Only a subset of records are contained in these files.
Is there a way to get a complete set of audit records in one or more files?