aortiz1 Respected Contributor.

eDirectory CEF

Hi, I have two main questions,

Identity Manager 4.7.2

1) In one test environment I have Sentinel 8.2 with Universal CEF Collector 2011.1r2 and eDirectory Collector 2011.1r10. All my eDirectory events are received and parsed through eDirectory Collector and not Universal CEF Collector, while Identity Manager and User Application log pretty easily with the Universal CEF Collector. Why does Sentinel still parse eDirectory events through eDirectory Collector?

2) In the client's environment we have Sentinel 8.1 and no way of knowing the versions of the collectors, but I see that eDirectory events are not being parsed correctly.
Is there a way to solve this situation? Can I get eDirectory events to be parsed through Universal CEF Collector?

Thank you so much in advance
ScorpionSting Absent Member.

Re: eDirectory CEF

CEF is the standard for sending messages over Syslog. The Collector is the one that maps the incoming message to Sentinel Taxonomy...so, you will still have the Collectors, but eventually just a simple Connector shared across the Collectors.

If you're still getting XDAS/Audit messages, make sure the modules are not still being loaded by eDirectory (/etc/opt/novell/eDirectory/conf/ndsmodules.conf) as you'd end up getting duplicates with both event sources sending.

brandon-langley Absent Member.

Re: eDirectory CEF

IDM 4.7.2 made improvements to CEF for the main IDM Engine and UserApp components to support full ArcSight CEF certification. I don't know all the specifics as to why eDirectory was not considered in that scope, but one of the main side effects of improving the data mappings to achieve that certification was the elimination of a lot of complexity in the event structure that made it necessary to have a dedicated driver for that product.

To answer (2) - The answer is that it's probably 50/50 if the Universal CEF collector would be beneficial without the eDirectory product taking the time to review their CEF events and ensuring the mapping and usage is at least at the standards used by ArcSight, if not also certified. The Identity Manager team maintains the collectors for both IDM and eDirectory, so escalating through your support path should enable you to get those parsing issues addressed one way or another. If you find using the Universal CEF collector beneficial in terms of reducing the number of collectors you manage, I would also recommend you provide that feedback separately as well.
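An added example, not part of the original thread and not Micro Focus code: when events "are not being parsed correctly", a quick check of whether the raw syslog line is well-formed CEF helps separate a malformed event at the source from a mapping problem in the collector. The sample lines are constructed and use placeholder vendor and product values, not real eDirectory output.

```python
import re

HEADER = ("version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")

def _split_header(text):
    """Split off the seven pipe-terminated header fields, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(text) and len(parts) < len(HEADER):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i + 1])      # escaped '|' or '\' is kept literally
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return parts, text[i:]               # remainder is the key=value extension

def _unescape(value):
    """Undo CEF extension escapes: \\= and \\\\ become literal, \\n and \\r become line breaks."""
    table = {"n": "\n", "r": "\r"}
    return re.sub(r"\\(.)", lambda m: table.get(m.group(1), m.group(1)), value)

def parse_cef(line):
    """Return header fields plus an 'extension' dict; raise ValueError if malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker, not a CEF event")
    parts, ext = _split_header(line[start + 4:])
    if len(parts) != len(HEADER):
        raise ValueError(f"header needs 7 pipe-terminated fields, found {len(parts)}")
    event = dict(zip(HEADER, parts))
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext))   # an escaped '\=' never starts a key
    event["extension"] = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt is not None else len(ext)
        event["extension"][m.group(1)] = _unescape(ext[m.end():end].strip())
    return event

# Constructed sample lines (placeholder values, labelled as assumptions).
GOOD = ("<13>Jan 01 00:00:00 host1 CEF:0|ExampleVendor|ExampleProduct|1.0|100|"
        "Login \\| bind|5|src=192.0.2.10 msg=user cn\\=admin,o\\=org logged in")
BAD = "<13>Jan 01 00:00:00 host1 CEF:0|ExampleVendor|ExampleProduct|1.0|100|Login"
```

Lines that raise `ValueError` here are malformed before they reach any collector; lines that parse cleanly but still land in the wrong Sentinel fields point at the collector's mapping instead.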