Application access audit event not generated for all Access Gateway resources

  • 7017846
  • 14-Jul-2016
  • 22-Jul-2016


NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
Access Gateway auditing event logging 'Application Accessed' enabled


Access Gateway 'Application Accessed' audit events is enabled in NAM 4.2 - the goal is to generate one audit event per user accessing back end applications, rather than 1000s of requests that would be logged with 'URL accessed' audit event. After enabling the change and monitoring the events in Sentinel back end, the admin noticed that some applications were missing - our of 19 applications, only 17 were reported.


The 'Application Accessed' audit event is only triggered for protected resources, which require user login. In the case where we have public resources, the AG does not generate a log audit event to rsyslogd and Sentinel never sees that event. If Application level logging is enabled, authentication must be required for that event.