Signed Audit LogChapter 7 Administrative Basics 277Deleting a Log ModuleYou can delete unwanted log plug-in modules using the CMS console. Beforedeleting a module, be sure to delete all the listeners that are based on this module;see “Log File Rotation” on page 269.To delete a module:1. Log in to the CMS console (see “Logging Into the CMS Console” on page 247).2. Select the Configuration tab.3. In the navigation tree, select Logs, and then in the right pane, select the LogEvent Listener Plug-in Registration tab.4. In the Plug-in Name list, select the module you want to delete and click Delete.5. When prompted, confirm the delete action.Signed Audit LogThe signed audit log is a feature that creates a log recording system events; theevents that are recorded are selectable from a list of events. This feature, whenenabled, records all system events and produces a verbose set of messages aboutthis activity; be careful when using this feature to provide enough space in your filesystem for this log. The signed audit log feature is disabled by default.You can also set this audit log up as a signed audit log. You enable this by settingthe logSigning parameter to enable and providing the nickname of the certificatethat will be used to sign this log.When this log is setup as a signed audit log, only a user with auditor privileges canaccess and view the log. Auditors can use the AuditVerify tool to verify thatsigned audit logs have not been tampered with.When you first set the server up, if you have not created a dedicated certificate forlog signing, but you want to turn on the auditing feature anyway, you can use thesinging certificate for that subsystem to sign the logs. To do this, specifycaSigningCert cert- as the value in thesignedAuditCertNickname parameter for a Certificate Manager, specify theappropriate signing certificate for other subsystems.You can also configure which events are recorded in the log by adding or deletingthe event type form the value of the events parameter. Table 7-3 lists the events thatare loggable events. To add an event, add the logging event to the list; to delete anevent, remove it from the list. Log events are separated by commas with no spaces.
