In Tutorial 6 we made the following selection for the individual headers:
SecAuditLogParts ABEFHIJKZ
We have defined a very comprehensive log. This is the right approach in a lab-like setup. However, in a production environment this is only useful in exceptional cases. A typical variation of this directive in a production environment would thus be:
They don't seem to be necessary.