This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
geoffc
Knowledge Partner
Knowledge Partner
‎2018-06-04 16:18
453 views

Auditing IDM events - where is the config stored?

Stupid question, but when you use iManager and enable auditing on the
IDM driver/driverset either through Audit or CEF or XDAS, where is the
config stored?

It persists between iManager sessions, ergo it is stored. BUt I was
looking at the objects in LDAP and cannot quite see where they are being
written.

On the NCP Server object eDir auditing is stored in one of three
multivalued attributes:
NAuditINstrumentation
xdasConfiguration
cefConfiguration (I think, I should look this one up).

They use different formats, but whatever.

I do not see the IDM auditing options I selected written there, nor on
the driver nor driverset objects, in any place obvious that I looked.

Anyone know?
Labels (1)
0 Likes
Reply
Report Inappropriate Content
4 Replies
geoffc
Knowledge Partner
Knowledge Partner
‎2018-06-04 16:22

Re: Auditing IDM events - where is the config stored?

On 6/4/2018 11:18 AM, Geoffrey Carman wrote:
> Stupid question, but when you use iManager and enable auditing on the
> IDM driver/driverset either through Audit or CEF or XDAS, where is the
> config stored?
>
> It persists between iManager sessions, ergo it is stored. BUt I was
> looking at the objects in LDAP and cannot quite see where they are being
> written.
>
> On the NCP Server object eDir auditing is stored in one of three
> multivalued attributes:
> NAuditINstrumentation
> xdasConfiguration
> cefConfiguration (I think, I should look this one up).
>
> They use different formats, but whatever.
>
> I do not see the IDM auditing options I selected written there, nor on
> the driver nor driverset objects, in any place obvious that I looked.
>
> Anyone know?

Well that seems dumb of me. DirXML-LogEvents seems to hold integers, I
guess there is a mapping of values to events?

Is that somewhere?

0 Likes
Reply
Report Inappropriate Content
geoffc
Knowledge Partner
Knowledge Partner
‎2018-06-04 16:24

Re: Auditing IDM events - where is the config stored?

On 6/4/2018 11:22 AM, Geoffrey Carman wrote:
> On 6/4/2018 11:18 AM, Geoffrey Carman wrote:
>> Stupid question, but when you use iManager and enable auditing on the
>> IDM driver/driverset either through Audit or CEF or XDAS, where is the
>> config stored?
>>
>> It persists between iManager sessions, ergo it is stored. BUt I was
>> looking at the objects in LDAP and cannot quite see where they are
>> being written.
>>
>> On the NCP Server object eDir auditing is stored in one of three
>> multivalued attributes:
>> NAuditINstrumentation
>> xdasConfiguration
>> cefConfiguration (I think, I should look this one up).
>>
>> They use different formats, but whatever.
>>
>> I do not see the IDM auditing options I selected written there, nor on
>> the driver nor driverset objects, in any place obvious that I looked.
>>
>> Anyone know?
>
> Well that seems dumb of me. DirXML-LogEvents seems to hold integers, I
> guess there is a mapping of values to events?
>
> Is that somewhere?

Wait, wait, what?

Schema Manager in Designer says this is Read Only? I feel as though I am
missing something simple.


0 Likes
Reply
Report Inappropriate Content
klasen
Micro Focus Expert
Micro Focus Expert
‎2018-06-05 08:48

Re: Auditing IDM events - where is the config stored?

Hi Geoffrey,

On 2018-06-04 17:24, Geoffrey Carman wrote:
> On 6/4/2018 11:22 AM, Geoffrey Carman wrote:
>> On 6/4/2018 11:18 AM, Geoffrey Carman wrote:
>>> Stupid question, but when you use iManager and enable auditing on the
>>> IDM driver/driverset either through Audit or CEF or XDAS, where is
>>> the config stored?
>>>
>>> It persists between iManager sessions, ergo it is stored. BUt I was
>>> looking at the objects in LDAP and cannot quite see where they are
>>> being written.
>>>
>>> On the NCP Server object eDir auditing is stored in one of three
>>> multivalued attributes:
>>> NAuditINstrumentation
>>> xdasConfiguration
>>> cefConfiguration (I think, I should look this one up).
>>>
>>> They use different formats, but whatever.
>>>
>>> I do not see the IDM auditing options I selected written there, nor
>>> on the driver nor driverset objects, in any place obvious that I looked.
>>>
>>> Anyone know?
>>
>> Well that seems dumb of me. DirXML-LogEvents seems to hold integers, I
>> guess there is a mapping of values to events?

Most of them are documented at
https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/javadocs/constant-values.html#com.novell.nds.dirxml.util.DxConst.LOG_EV_ADD_ASSOCIATION

There are a few more utility functions in
https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/javadocs/com/novell/nds/dirxml/util/DxConst.html

>>
>> Is that somewhere?
>
> Wait, wait, what?
>
> Schema Manager in Designer says this is Read Only? I feel as though I am
> missing something simple.

One has to use extended operations to set the attribute:
https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/javadocs/com/novell/nds/dirxml/ldap/SetLogEventsRequest.html

https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/javadocs/?com/novell/nds/dirxml/ldap/ClearLogEventsRequest.html


For the logging protocol, I think that DirXML-LogEvents = 69 -> XDAS and
DirXML-LogEvents = 70 -> Naudit/CEF.

In 4.7 there is an additional attribute to choose between NAudit and
CEF: DirXML-LogEventsType: 1 -> NAudit 2 -> CEF

--
Norbert
--
Norbert
0 Likes
Reply
Report Inappropriate Content
geoffc
Knowledge Partner
Knowledge Partner
‎2018-06-05 14:48

Re: Auditing IDM events - where is the config stored?

>> Wait, wait, what?
>>
>> Schema Manager in Designer says this is Read Only? I feel as though I am
>> missing something simple.
>
> One has to use extended operations to set the attribute:
> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/javadocs/com/novell/nds/dirxml/ldap/SetLogEventsRequest.html

Which explains why my LDAP tool is not seeing it. But Alekz's Console2
is, since he has a tool to copy Audit settings.

> https://www.netiq.com/documentation/identity-manager-developer/dtd-documentation/javadocs/?com/novell/nds/dirxml/ldap/ClearLogEventsRequest.html
>
>
> For the logging protocol, I think that DirXML-LogEvents = 69 -> XDAS and
> DirXML-LogEvents = 70 -> Naudit/CEF.
>
> In 4.7 there is an additional attribute to choose between NAudit and
> CEF: DirXML-LogEventsType: 1 -> NAudit 2 -> CEF

Thanks for the notes Norbert, I totally had missed out on these
attributes before.



0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.