Anonymous_User Absent Member.

User Application Auditing Documentation Clarification: To Enable Logging to Audit or Not

Searching around the Forums, and a bit of the rest of the world with
Google, I have yet to find this called out somewhere. The documentation
for the UserApp about auditing has some pretty odd claims, so I'm not
sure if this falls into that category, or a category of things having
changed over the years making some steps no longer necessary, or what.
Let me explain what I am reading and how I am interpreting it:

https://www.netiq.com/documentation/idm402/agpro/data/b2iix0c.html

This page has the following statement:

<quote>
The Identity Manager User Application implements logging by using log4j,
an open-source logging package distributed by The Apache Software
Foundation. See Logging Services for details. By default, event messages
are logged to the system console and to the application server’s log
file at logging level INFO and above. You can also configure the User
Application to log to Novell Identity Audit and OpenXDAS. Events are
logged to all activated loggers.
</quote>

Shortly thereafter is this page:

https://www.netiq.com/documentation/idm402/agpro/data/b2iix14.html

<quote>
The Identity Manager User Application logs a set of events automatically
from workflow, search, detail, and password requests. By default, the
Identity Manager User Application automatically logs the following
events to all active logging channels:
</quote>

This is followed by a list of many types of events.

To me the first doc page, and the paragraph there, means that auditing
is not going to happen, regardless of the configuration of the Platform
Agent, unless something is specifically done within the UserApp to
enable it. I've found somewhere else in the docs where it talks about a
checkbox on the Logging page 'Also send logging messages to audit
service' and on this page in the UserApp it specifically says logging
events are not sent to Audit otherwise: "Logging messages are not sent
to audit service. Select the box below to send logging messages to audit
service as well." That last statement makes me think that logging and
auditing are separate beasts, and usually (in the wider IT security
world) that is true. Logging is informational for troubleshooting or
status monitoring, and auditing is all about security. The second page,
linked-to above, makes me think differently. It talks about "By
default, the Identity manager User Application" sends stuff to all
logging channels. Is auditing a logging channel? I wouldn't normally
think so, but I'm new to this.

Now if I were to go specifically on the bits above I would assume that
logging and auditing were separate, and without the checkbox in the
UserApp things would not go to Sentinel, our receiver of audit events.
Contrary to this, though, events are going to Sentinel without this
checkbox being checked. We are not on Patch A yet, and I understand
there is a bug here for the proper display of the current settings
resolved with Patch A, but believing that "logging" and "auditing" were
not the same I never checked the checkbox. Still, events show up nicely
in Sentinel from the IP address of the UserApp box (which has nothing
else on it) when workflows are processed.

Any help is appreciated. I'm probably just reading into this too much,
but I'd like to understand it fully.
Anonymous_User Absent Member.

Re: User Application Auditing Documentation Clarification: To Enable Logging to Audit or Not

On 10/20/2012 12:24 AM, ab wrote:
> Searching around the Forums, and a bit of the rest of the world with
> Google, I have yet to find this called out somewhere. The documentation
> for the UserApp about auditing has some pretty odd claims, so I'm not
> sure if this falls into that category, or a category of things having
> changed over the years making some steps no longer necessary, or what.
> Let me explain what I am reading and how I am interpreting it:
>
> https://www.netiq.com/documentation/idm402/agpro/data/b2iix0c.html
>
> This page has the following statement:
>
> <quote>
> The Identity Manager User Application implements logging by using log4j,
> an open-source logging package distributed by The Apache Software
> Foundation. See Logging Services for details. By default, event messages
> are logged to the system console and to the application server’s log
> file at logging level INFO and above. You can also configure the User
> Application to log to Novell Identity Audit and OpenXDAS. Events are
> logged to all activated loggers.
> </quote>
>
> Shortly thereafter is this page:
>
> https://www.netiq.com/documentation/idm402/agpro/data/b2iix14.html
>
> <quote>
> The Identity Manager User Application logs a set of events automatically
> from workflow, search, detail, and password requests. By default, the
> Identity Manager User Application automatically logs the following
> events to all active logging channels:
> </quote>
>
> This is followed by a list of many types of events.
>
> To me the first doc page, and the paragraph there, means that auditing
> is not going to happen, regardless of the configuration of the Platform
> Agent, unless something is specifically done within the UserApp to
> enable it. I've found somewhere else in the docs where it talks about a
> checkbox on the Logging page 'Also send logging messages to audit
> service' and on this page in the UserApp it specifically says logging
> events are not sent to Audit otherwise: "Logging messages are not sent
> to audit service. Select the box below to send logging messages to audit
> service as well." That last statement makes me think that logging and
> auditing are separate beasts, and usually (in the wider IT security
> world) that is true. Logging is informational for troubleshooting or
> status monitoring, and auditing is all about security. The second page,
> linked-to above, makes me think differently. It talks about "By
> default, the Identity manager User Application" sends stuff to all
> logging channels. Is auditing a logging channel? I wouldn't normally
> think so, but I'm new to this.
>
> Now if I were to go specifically on the bits above I would assume that
> logging and auditing were separate, and without the checkbox in the
> UserApp things would not go to Sentinel, our receiver of audit events.
> Contrary to this, though, events are going to Sentinel without this
> checkbox being checked. We are not on Patch A yet, and I understand
> there is a bug here for the proper display of the current settings
> resolved with Patch A, but believing that "logging" and "auditing" were
> not the same I never checked the checkbox. Still, events show up nicely
> in Sentinel from the IP address of the UserApp box (which has nothing
> else on it) when workflows are processed.
>
> Any help is appreciated. I'm probably just reading into this too much,
> but I'd like to understand it fully.

Greetings,

1) "Logging" and "Auditing" are two different concepts. The User
Application will always send Logging information to the logs (for
example server.log on JBoss) based upon the settings in the
Administration page. However, we only send events to "Audit" when
Auditing is enabled and configured correctly.

2) In 402 there was a bug with shipping code that the UI did not reflect
correctly if Auditing was enabled or not. The true way to tell before
applying patch 402A is to look in the server.log

3) Depending upon how you installed, it appears that Auditing is
being enabled by default.

4) For the Audit events to show up in Sentinel:
   a) Auditing was enabled
   b) The logevent.conf file had to have the Address and port
      information for the Sentinel Server added to it. Also a mapping to
      where the NAuditPA.jar is located.




--
Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
Anonymous_User Absent Member.

Re: User Application Auditing Documentation Clarification: To Enable Logging to Audit or Not

> 1) "Logging" and "Auditing" are two different concepts. The User
> Application will always send Logging information to the logs (for
> example server.log on JBoss) based upon the settings in the
> Administration page. However, we only send events to "Audit" when
> Auditing is enabled and configured correctly.


Is it safe to assume that "enabled" means checking the checkbox under
Administration which reads, "Also send logging messages to audit
service"? If so, how are all of the logging messages which are not
audit messages handled?

> 2) In 402 there was a bug with shipping code that the UI did not
> reflect correctly if Auditing was enabled or not. The true way to
> tell before applying patch 402A is to look in the server.log


What does the server.log show exactly when this is enabled, or disabled?
I see the following during startup of JBoss in our system where the
instrumentation within the UserApp was never enabled, though the Roles
driver was set for auditing and the PA was configured from the start:

2012-10-14 19:23:58,811 INFO [STDOUT] (main) INFO [RBPM] [com.novell:activateOptions] Initializing Novell Audit

Also, is there no way to see the value as it is set in some config file,
JAR, or other before hoping to find a message in a log file?

> 3) Depending upon how you installed it is appearing the Auditing is
> being enabled by default.


Could you explain some of the dependencies? I installed JBoss from the
convenience installer, ran the rest of the install from the console (no
alternatives worked well, or at all) choosing the 'all' configuration,
implemented TCP clustering, and ran configupdate.sh from the command
line as well. Everything seems to be okay, but auditing is probably not
all there yet. The docs, as I recall, only configure the PA portion
from the installers and leave the instrumentation up to
post-installation stuff, which is what I'm really after unless the
earlier portions did not behave as documented.

Thanks for the response.

Good luck.
Anonymous_User Absent Member.

Re: User Application Auditing Documentation Clarification: To Enable Logging to Audit or Not

On Tue, 23 Oct 2012 18:34:35 +0000, ab wrote:

> I see the following during startup of JBoss in our system where the
> instrumentation within the UserApp was never enabled, though the Roles
> driver was set for auditing and the PA was configured from the start:
>
> 2012-10-14 19:23:58,811 INFO [STDOUT] (main) INFO [RBPM] [com.novell:activateOptions] Initializing Novell Audit
>
> Also, is there no way to see the value as it is set in some config file,
> JAR, or other before hoping to find a message in a log file?


See .../rbpm37/jboss/server/IDMProv/conf/jboss-log4j.xml for the log4j
configuration.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

Anonymous_User Absent Member.

Re: User Application Auditing Documentation Clarification: To Enable Logging to Audit or Not

On 10/23/2012 02:34 PM, ab wrote:
>> 1) "Logging" and "Auditing" are two different concepts. The User
>> Application will always send Logging information to the logs (for
>> example server.log on JBoss) based upon the settings in the
>> Administration page. However, we only send events to "Audit" when
>> Auditing is enabled and configured correctly.

>
> Is it safe to assume that "enabled" means checking the checkbox under
> Administration which reads, "Also send logging messages to audit
> service"? If so, how are all of the logging messages which are not
> audit messages handled?
>
>> 2) In 402 there was a bug with shipping code that the UI did not
>> reflect correctly if Auditing was enabled or not. The true way to
>> tell before applying patch 402A is to look in the server.log

>
> What does the server.log show exactly when this is enabled, or disabled?
> I see the following during startup of JBoss in our system where the
> instrumentation within the UserApp was never enabled, though the Roles
> driver was set for auditing and the PA was configured from the start:
>
> 2012-10-14 19:23:58,811 INFO [STDOUT] (main) INFO [RBPM] [com.novell:activateOptions] Initializing Novell Audit
>
> Also, is there no way to see the value as it is set in some config file,
> JAR, or other before hoping to find a message in a log file?
>
>> 3) Depending upon how you installed it is appearing the Auditing is
>> being enabled by default.

>
> Could you explain some of the dependencies? I installed JBoss from the
> convenience installer, ran the rest of the install from the console (no
> alternatives worked well, or at all) choosing the 'all' configuration,
> implemented TCP clustering, and ran configupdate.sh from the command
> line as well. Everything seems to be okay, but auditing is probably not
> all there yet. The docs, as I recall, only configure the PA portion
> from the installers and leave the instrumentation up to
> post-installation stuff, which is what I'm really after unless the
> earlier portions did not behave as documented.
>
> Thanks for the response.
>
> Good luck.

Greetings,
For the User Application "Auditing" is either ON or OFF. There are
no fine tuning or other options to enable like eDir/IDM from iManager.
As outlined in the Administration Guide => "Log Events" we only send a
set list of events to "Audit" and that is it. This list and what is
sent is not necessarily going to be the same as what you see in the
server log.

https://www.netiq.com/documentation/idm402/agpro/?page=/documentation/idm402/agpro/data/b2iix14.html

Therefore, the User Application only requires:
1) Audit server configured with the dirxml.lsc file
2) Logevent.conf to have the proper information and mappings
3) "Auditing" is enabled and persisted within the User Application

https://www.netiq.com/documentation/idm402/agpro/?page=/documentation/idm402/agpro/data/b2iix0e.html




--
Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
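
The requirements listed in the reply above can be checked from the User Application host. The following is an added example, not part of the thread and not NetIQ's code: it validates a logevent.conf and looks for the audit initialization line quoted earlier in the thread. The key names (LogHost, LogEnginePort, LogCachePort, LogJavaClassPath), the sample values, and reading that log line as a sign that audit initialized are assumptions.

```python
import re

# Constructed sample of a Platform Agent logevent.conf (not from the thread).
# Key names are assumed; the thread only says the file needs the Sentinel
# server's address and port plus a mapping to NAuditPA.jar.
SAMPLE_CONF = """\
# constructed example
LogHost=192.0.2.10
LogEnginePort=1289
LogCachePort=1288
LogJavaClassPath=/opt/novell/audit/NAuditPA.jar
"""

# The server.log line quoted in the thread.
SAMPLE_LOG = (
    "2012-10-14 19:23:58,811 INFO [STDOUT] (main) INFO [RBPM] "
    "[com.novell:activateOptions] Initializing Novell Audit\n"
)

AUDIT_INIT = re.compile(
    r"\[com\.novell:activateOptions\]\s+Initializing Novell Audit")


def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' or ';' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def _port_ok(value):
    return value.isascii() and value.isdigit() and 0 < int(value) < 65536


def check_conf(conf):
    """Return findings for the host, port and jar-mapping requirements."""
    findings = []
    host = conf.get("LogHost", "")
    if not host:
        findings.append("LogHost missing: no audit server address")
    elif host in ("localhost", "127.0.0.1"):
        findings.append("LogHost is loopback, not a remote audit server")
    for key in ("LogEnginePort", "LogCachePort"):
        if key in conf and not _port_ok(conf[key]):
            findings.append(f"{key} is not a valid TCP port: {conf[key]!r}")
    if not conf.get("LogJavaClassPath", "").endswith("NAuditPA.jar"):
        findings.append("LogJavaClassPath does not point at NAuditPA.jar")
    return findings


def audit_init_lines(log_text):
    """Return server.log lines that record audit initialization."""
    return [l for l in log_text.splitlines() if AUDIT_INIT.search(l)]


def report(conf_text, log_text):
    findings = check_conf(parse_conf(conf_text))
    if not audit_init_lines(log_text):
        findings.append("server.log has no 'Initializing Novell Audit' line")
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_CONF, SAMPLE_LOG) or ["no findings"]:
        print(finding)
```
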
Anonymous_User Absent Member.

Re: User Application Auditing Documentation Clarification: To Enable Logging to Audit or Not

> Greetings, For the User Application "Auditing" is either ON or OFF.
> There are no fine tuning or other options to enable like eDir/IDM
> from iManager. As outlined in the Administration Guide => "Log
> Events" we only send a set list of events to "Audit" and that is it.
> This list and what is sent is not necessarily going to be the same as
> what you see in the server log.
>
> https://www.netiq.com/documentation/idm402/agpro/?page=/documentation/idm402/agpro/data/b2iix14.html


Okay, so enabling "logging to audit" is, at least for me, enabling the
sending of audit events to Sentinel (or whatever) and has nothing to do
with logging really. That helps for sure.

> Therefore, the User Application only requires: 1) Audit server
> configured with the dirxml.lsc file 2) Logevent.conf to have the
> proper information and mappings 3) "Auditing" is enabled and
> persisted within the User Application
>
> https://www.netiq.com/documentation/idm402/agpro/?page=/documentation/idm402/agpro/data/b2iix0e.html


It was this page of the documentation that made me question everything
because of how much misinformation is on it.

1 - Nonsense, completely. Not only are the screenshots for an EoL
product, they are for an EoL product while referring to another EoL
product which replaced the screenshots' EoL product. This has been
copied/pasted for seven years without review.

2. Sure, it does need to have "proper information" like the Sentinel
system's IP address. The page also mentions changing '288' to '1233'
for caching.... the defaults now include '1288' so that's not needed
anymore, and it seems odd to choose '1233' at random when the other
port, '289', was incremented by a nice 10^3 to '1289'. In the end this
number doesn't matter at all as long as it is not already in use.

3. The previous link helps with that as long as I can get over the
'logging' vs. 'auditing' terms' usage.

Thanks again.
AB
Anonymous_User Absent Member.

Re: User Application Auditing Documentation Clarification: To Enable Logging to Audit or Not

On 10/23/2012 05:25 PM, ab wrote:
>> Greetings, For the User Application "Auditing" is either ON or OFF.
>> There are no fine tuning or other options to enable like eDir/IDM
>> from iManager. As outlined in the Administration Guide => "Log
>> Events" we only send a set list of events to "Audit" and that is it.
>> This list and what is sent is not necessarily going to be the same as
>> what you see in the server log.
>>
>> https://www.netiq.com/documentation/idm402/agpro/?page=/documentation/idm402/agpro/data/b2iix14.html

>
> Okay, so enabling "logging to audit" is, at least for me, enabling the
> sending of audit events to Sentinel (or whatever) and has nothing to do
> with logging really. That helps for sure.
>
>> Therefore, the User Application only requires: 1) Audit server
>> configured with the dirxml.lsc file 2) Logevent.conf to have the
>> proper information and mappings 3) "Auditing" is enabled and
>> persisted within the User Application
>>
>> https://www.netiq.com/documentation/idm402/agpro/?page=/documentation/idm402/agpro/data/b2iix0e.html

>
> It was this page of the documentation that made me question everything
> because of how much misinformation is on it.
>
> 1 - Nonsense, completely. Not only are the screenshots for an EoL
> product, they are for an EoL product while referring to another EoL
> product which replaced the screenshots' EoL product. This has been
> copied/pasted for seven years without review.
>
> 2. Sure, it does need to have "proper information" like the Sentinel
> system's IP address. The page also mentions changing '288' to '1233'
> for caching.... the defaults now include '1288' so that's not needed
> anymore, and it seems odd to choose '1233' at random when the other
> port, '289', was incremented by a nice 10^3 to '1289'. In the end this
> number doesn't matter at all as long as it is not already in use.
>
> 3. The previous link helps with that as long as I can get over the
> 'logging' vs. 'auditing' terms' usage.
>
> Thanks again.
> AB


Greetings,
Logging and auditing are not the same. It is "true" that an action
like "Login" will appear in both the server.log and in Audit. But, a
normal logging entry of a code map refresh would not. Or, when you
enable one of the packages from the Logging page to a level higher than
INFO will only go to the server log and not to Audit. Any of your
custom code (like output from javascript function) or log messages would
also only be in the server log and not in Audit.

--
Sincerely,
Steven Williams
Lead Software Engineer
NetIQ