HP 3PAR StoreServ 7400 2-node HP 3PAR Policy Server Administrator's G - Page 60

• Agent evaluates a permission that has filters attached. When one or more filters are attached to a permission and a filter matches, the audit log displays a message that shows the asset name, action name, permission name, filter name, and the fact that there was a match. When none of the filters match and the default filter (the default access right) is applied, the audit log displays the asset name, action name, permission name, and then "default filter." If filter evaluation failed because the filter expression used unknown variables, the audit log reports, "Unknown symbol in filter expression for asset , action . Details: permission , filter , symbol=." If the filter expression has bad syntax, the audit log reports, "Invalid filter expression for asset , action . Details: permission , filter ." Audit Log Persistence The Agent gateway and Policy Agents queue all Policy Server-related auditing messages in their audit logs until they send them to Policy Server for processing. If the Policy Server is offline, the Agents persist the messages until they can communicate them to the Policy Server. If an Agent cannot communicate the messages to the Policy Server before the Agent's audit log has reached its maximum size, all new audit log entries are discarded. Policy-related Messages Sent to a SysLog Server Agents can send policy-related messages to a SysLog Server if they have been configured to do so. The configuration is done using Agent Builder, in the Policy Server Settings dialog box. The messages are NOT sent from Policy Server. Rather, the Agent collects the audit messages generated by its APMProxy component for delivery to the configured SysLog Server. Refer to the online help for Agent Builder for details. HP 3PAR Policy Server 6-10