How to configure management servers from sending audit data to the Message Queue.
search cancel

How to configure management servers from sending audit data to the Message Queue.


Article ID: 9818


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)


By default the Enterprise Manager, Load Balancing Enterprise Manager, and Distribution Server is setup to send local (embedded PIM endpoint) audit events to the Tibco queue queue/audit. This is also true for use of the Enterprise Manager's check-in/out and login functionally. This will cause a problem if you are not using CA User Activity Reporting Module or sending those events to another SEIM solution. These events will build up in the queue and eventually cause Tibco problems.


Privileged Identity Manager, 12.8, 12.9, 14.0


On the ReportAgent side this can be disabled by either the registry on Windows or the accommon.ini file on Linux. Here are two policy examples that you could push to your management servers to disable the feature. 


env config;er CONFIG ACCOMMON section(ReportAgent) token(audit_enabled) value(0) data_type(numeric)


env config;er CONFIG ACROOT section(ReportAgent) token(audit_enabled) value(0)

On the Enterprise Manager side you can disable sending the login, check-in/out events to this queue by following these steps. 

1. Login to Enterprise Manager with the system manager user. 

2. Go to System > Connection Management > CA User Activity Reporting > Modify Audit Collector. 

        3. Search and select ELM_Sender. Uncheck Job Enabled and submit.