

Knowledge Partner
2018-06-04
16:18
542 views
Auditing IDM events - where is the config stored?
Stupid question, but when you use iManager and enable auditing on the
IDM driver/driverset either through Audit or CEF or XDAS, where is the
config stored?
It persists between iManager sessions, ergo it is stored. But I was
looking at the objects in LDAP and cannot quite see where they are being
written.
On the NCP Server object eDir auditing is stored in one of three
multivalued attributes:
NAuditINstrumentation
xdasConfiguration
cefConfiguration (I think, I should look this one up).
They use different formats, but whatever.
I do not see the IDM auditing options I selected written there, nor on
the driver nor driverset objects, in any place obvious that I looked.
Anyone know?
4 Replies


Knowledge Partner
2018-06-04
16:22
On 6/4/2018 11:18 AM, Geoffrey Carman wrote:
> Stupid question, but when you use iManager and enable auditing on the
> IDM driver/driverset either through Audit or CEF or XDAS, where is the
> config stored?
>
> It persists between iManager sessions, ergo it is stored. But I was
> looking at the objects in LDAP and cannot quite see where they are being
> written.
>
> On the NCP Server object eDir auditing is stored in one of three
> multivalued attributes:
> NAuditINstrumentation
> xdasConfiguration
> cefConfiguration (I think, I should look this one up).
>
> They use different formats, but whatever.
>
> I do not see the IDM auditing options I selected written there, nor on
> the driver nor driverset objects, in any place obvious that I looked.
>
> Anyone know?
Well that seems dumb of me. DirXML-LogEvents seems to hold integers, I
guess there is a mapping of values to events?
Is that somewhere?


Knowledge Partner
2018-06-04
16:24
On 6/4/2018 11:22 AM, Geoffrey Carman wrote:
> On 6/4/2018 11:18 AM, Geoffrey Carman wrote:
>> Stupid question, but when you use iManager and enable auditing on the
>> IDM driver/driverset either through Audit or CEF or XDAS, where is the
>> config stored?
>>
>> It persists between iManager sessions, ergo it is stored. But I was
>> looking at the objects in LDAP and cannot quite see where they are
>> being written.
>>
>> On the NCP Server object eDir auditing is stored in one of three
>> multivalued attributes:
>> NAuditINstrumentation
>> xdasConfiguration
>> cefConfiguration (I think, I should look this one up).
>>
>> They use different formats, but whatever.
>>
>> I do not see the IDM auditing options I selected written there, nor on
>> the driver nor driverset objects, in any place obvious that I looked.
>>
>> Anyone know?
>
> Well that seems dumb of me. DirXML-LogEvents seems to hold integers, I
> guess there is a mapping of values to events?
>
> Is that somewhere?
Wait, wait, what?
Schema Manager in Designer says this is Read Only? I feel as though I am
missing something simple.
klasen

Micro Focus Expert
2018-06-05
08:48
Hi Geoffrey,
On 2018-06-04 17:24, Geoffrey Carman wrote:
> On 6/4/2018 11:22 AM, Geoffrey Carman wrote:
>> On 6/4/2018 11:18 AM, Geoffrey Carman wrote:
>>> Stupid question, but when you use iManager and enable auditing on the
>>> IDM driver/driverset either through Audit or CEF or XDAS, where is
>>> the config stored?
>>>
>>> It persists between iManager sessions, ergo it is stored. But I was
>>> looking at the objects in LDAP and cannot quite see where they are
>>> being written.
>>>
>>> On the NCP Server object eDir auditing is stored in one of three
>>> multivalued attributes:
>>> NAuditINstrumentation
>>> xdasConfiguration
>>> cefConfiguration (I think, I should look this one up).
>>>
>>> They use different formats, but whatever.
>>>
>>> I do not see the IDM auditing options I selected written there, nor
>>> on the driver nor driverset objects, in any place obvious that I looked.
>>>
>>> Anyone know?
>>
>> Well that seems dumb of me. DirXML-LogEvents seems to hold integers, I
>> guess there is a mapping of values to events?
Most of them are documented at
https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/javadocs/constant-values.html#com.novell.nds.dirxml.util.DxConst.LOG_EV_ADD_ASSOCIATION
There are a few more utility functions in
https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/javadocs/com/novell/nds/dirxml/util/DxConst.html
>>
>> Is that somewhere?
>
> Wait, wait, what?
>
> Schema Manager in Designer says this is Read Only? I feel as though I am
> missing something simple.
One has to use extended operations to set the attribute:
https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/javadocs/com/novell/nds/dirxml/ldap/SetLogEventsRequest.html
https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/javadocs/?com/novell/nds/dirxml/ldap/ClearLogEventsRequest.html
For the logging protocol, I think that DirXML-LogEvents = 69 -> XDAS and
DirXML-LogEvents = 70 -> Naudit/CEF.
In 4.7 there is an additional attribute to choose between NAudit and
CEF: DirXML-LogEventsType: 1 -> NAudit 2 -> CEF
--
Norbert
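
An added example, not part of the thread and not NetIQ code: it reads an LDIF export of driver or driverset objects and reports, per DN, which logging protocol the DirXML-LogEvents values indicate. It assumes the 69/70 and DirXML-LogEventsType values exactly as tentatively given in the reply above and that the attributes appear in the export; the DNs and the value 1001 are constructed.

```python
import base64

# Values as tentatively stated in the reply above ("I think"); assumptions, not verified.
PROTOCOL_MARKERS = {69: "XDAS", 70: "NAudit/CEF"}
LOG_EVENTS_TYPE = {1: "NAudit", 2: "CEF"}  # DirXML-LogEventsType (IDM 4.7, per the reply)

def parse_ldif(text):  # returns {dn: {attr_lowercase: [values]}}
    entries = {}
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    for block in unfolded.split("\n\n"):                      # blank line ends an entry
        attrs = {}                                            # lines before "dn:" are dropped
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            b64 = rest.startswith(":")                        # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:]).decode("utf-8") if b64 else rest.strip()
            if attr.lower() == "dn":
                attrs = entries.setdefault(value, {})
            else:
                attrs.setdefault(attr.lower(), []).append(value)
    return entries

def audit_summary(ldif_text):
    """Per DN: protocol indicated by the marker values, and count of remaining values."""
    summary = {}
    for dn, attrs in parse_ldif(ldif_text).items():
        values = {int(v) for v in attrs.get("dirxml-logevents", [])}
        protocols = sorted(PROTOCOL_MARKERS[v] for v in values if v in PROTOCOL_MARKERS)
        kind = [int(v) for v in attrs.get("dirxml-logeventstype", [])]
        if "NAudit/CEF" in protocols and kind and kind[0] in LOG_EVENTS_TYPE:
            protocols[protocols.index("NAudit/CEF")] = LOG_EVENTS_TYPE[kind[0]]
        summary[dn] = {"protocols": protocols or ["none"],
                       "other_values": len(values - set(PROTOCOL_MARKERS))}
    return summary

# Constructed sample export: DNs and the value 1001 are made up for illustration.
SAMPLE_LDIF = """\
dn: cn=DriverA,cn=driverset1,o=system
DirXML-LogEvents: 69
DirXML-LogEvents: 1001

dn: cn=DriverB,cn=drivers
 et1,o=system
DirXML-LogEvents: 70
DirXML-LogEventsType: 2

dn: cn=DriverC,cn=driverset1,o=system
"""
print(audit_summary(SAMPLE_LDIF))
```

An entry reported as "none" has no protocol marker among its DirXML-LogEvents values, which is the case worth reviewing when driver events are expected to be audited.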


Knowledge Partner
2018-06-05
14:48
>> Wait, wait, what?
>>
>> Schema Manager in Designer says this is Read Only? I feel as though I am
>> missing something simple.
>
> One has to use extended operations to set the attribute:
> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/javadocs/com/novell/nds/dirxml/ldap/SetLogEventsRequest.html
Which explains why my LDAP tool is not seeing it. But Alekz's Console2
is, since he has a tool to copy Audit settings.
> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/javadocs/?com/novell/nds/dirxml/ldap/ClearLogEventsRequest.html
>
>
> For the logging protocol, I think that DirXML-LogEvents = 69 -> XDAS and
> DirXML-LogEvents = 70 -> Naudit/CEF.
>
> In 4.7 there is an additional attribute to choose between NAudit and
> CEF: DirXML-LogEventsType: 1 -> NAudit 2 -> CEF
Thanks for the notes Norbert, I totally had missed out on these
attributes before.