Selective auditing is a mechanism for emitting audit events only for specific users, groups, resources, or transactions. This is currently only supported for the MLDAP ESM module.
When enabled, most audit events will cease to be emitted. Only if the affected entity/entities have the auditing attribute value set to TRUE will an event be emitted.
The selective auditing feature requires a new attribute, "microfocus-MFDS-Audit". This is an optional attribute for the user, user group, and resource object classes. If there is already an existing LDAP repository with Micro Focus extensions installed, see Adding the auditing attribute to the LDAP schema for more information.
The following describes which entities are examined for requests. At this time, only Verify and Auth/XAuth requests are audited:
In Verify requests, the affected entities are the user and the signon group. The user is checked first, which means that the group might not need to be examined for the audit attribute value. This results in fewer MLDAP searches being required.
If All Groups mode is enabled, all groups that the user is a member of are checked for the auditing attribute value. This may result in performance degradation during user signon. If any group has the auditing property set, the Verify request will be audited.
In Auth/XAuth requests, the affected entries are the user, the signon group or the user's group set (if All Groups mode is enabled), the resource being accessed, and the transaction. The user's and groups' auditing attribute values are not checked at this time; they are remembered from the Verify request in the ACEE. The resource is then checked, and if it does not have the auditing property set, the transaction is then checked.
The esfupdate command line utility can be used to refresh ACEEs present in the system. Updating either users or groups will result in all related ACEEs updating their auditing status.
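
The evaluation order described above for Verify and Auth/XAuth requests can be modeled as follows. This is an added illustration, not Micro Focus code: the dict-backed `Directory`, the function names, and all entry names are hypothetical, and the model assumes evaluation stops at the first entity whose attribute is TRUE.

```python
# Added illustration: a model of the selective-auditing evaluation order.
# Not Micro Focus code; Directory is a dict-backed stand-in for the LDAP repository.
AUDIT_ATTR = "microfocus-MFDS-Audit"

class Directory:
    def __init__(self, entries):
        self.entries = entries   # name -> attribute dict (constructed sample data)
        self.searches = 0        # lookups performed, to show the cost of each mode

    def audited(self, name):
        self.searches += 1
        return self.entries.get(name, {}).get(AUDIT_ATTR) == "TRUE"

def verify(directory, user, signon_group, all_groups=None):
    """Verify: user first, then the signon group, or every group in All Groups mode.
    Returns (emit_event, acee); the ACEE remembers the result for later Auth requests."""
    groups = [signon_group] if all_groups is None else all_groups
    flag = directory.audited(user) or any(directory.audited(g) for g in groups)
    return flag, {"user": user, "audited": flag}

def auth(directory, acee, resource, transaction):
    """Auth/XAuth: the flag remembered in the ACEE, then the resource, then the
    transaction. Assumption: evaluation stops at the first TRUE."""
    return (acee["audited"]
            or directory.audited(resource)
            or directory.audited(transaction))

def sample_directory():
    """Constructed sample entries; every name here is hypothetical."""
    return Directory({
        "alice": {AUDIT_ATTR: "TRUE"},
        "bob": {},
        "OPERS": {},
        "PAYROLL": {AUDIT_ATTR: "TRUE"},
        "CUSTFILE": {},
        "PAY1": {AUDIT_ATTR: "TRUE"},
    })

if __name__ == "__main__":
    d = sample_directory()
    print("alice Verify:", verify(d, "alice", "OPERS")[0], "searches:", d.searches)
    d = sample_directory()
    emit, acee = verify(d, "bob", "OPERS")
    print("bob Verify:", emit, "searches:", d.searches)
    print("bob Auth on PAY1:", auth(d, acee, "CUSTFILE", "PAY1"))
    d.entries["bob"][AUDIT_ATTR] = "TRUE"      # attribute changed after signon
    print("bob Auth, stale ACEE:", auth(d, acee, "CUSTFILE", "INQ1"))
```

In this model, an ACEE built before the user's attribute was changed keeps its old auditing status until Verify runs again, which is the case the esfupdate refresh addresses.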