Full Auditing

By default the ec-event-rules.xml file causes all messages passed to it to be audited.

To enable full auditing, therefore, modify ec-probe-rules.xml so that all messages of level AUDIT are forwarded to the central Event Collector database. The default behavior of ec-event-rules.xml then audits them.

The ec-probe-rules.xml file contains instructions on how to enable this:

  • Uncomment the commented-out severities rule.
  • Comment out or delete the message Ids section.