Description:

What is recorded in the audit log database and how to configure the information that will be audited?

Solution:

You configure the audit database by using the policy server management console Logs tab. Information logged is:

Authentication Events (Log No Events/ Log Rejection Events Only/ Log >All Events) include anonymous users
Authorization Events Events (Log No Events/ Log Rejection Events > Only/ Log All Events) include anonymous users
Affiliate Events Events (Log No Events/ Log All Events)
Administrator Access Events (Log No Events/ Log Rejection Events >Only/ Log All Events)

Additionally you can configure the Administrator Changes to Policy Store Objects events by using the XPSConfig : XPS/AuditEnabled

To configure audit logging, select options in the Policy server Management console under "smconsole > Logs > PolicyServerAudit Logs".

To get maximum logging for "Administrator Access Events" and "Administrator Changes to Policy Store Objects" make sure "Log all Events" is selected.