8.3 Configuring Actions

An event is delivered to one or more channels when it meets the criteria specified by one of the rules. Before the events can be output to a channel, the action to send to that channel must be configured with the appropriate connection information (and authentication credentials, if needed for the SMTP relay). The Identity Audit system can have only one configured connection per action type (for example, all events that are written to a file must be written to the same file).

8.3.1 Send to E-Mail

To configure the Send to e-mail action, you need the connection information for an SMTP relay (IP address and port number), and the To and From addresses. You can send to more than one e-mail address by entering a comma-separated list.

NOTE:To avoid overwhelming your SMTP relay or e-mail recipients, this action should only be used with rules that generate a low volume of events.

This SMTP relay configuration is also used to deliver reports to users.

  1. Log into Identity Audit as an administrator.

  2. Click Rules in the upper right corner of the page.

  3. Click Configuration.

  4. Under e-mail, enter the name and port of an available SMTP relay. If desired, click Test to validate the hostname or IP address, port, username, and password fields.

    The Test button does not actually send a test e-mail message.

  5. If the SMTP relay requires authentication, specify a username and password.

  6. Specify an address from which the e-mail messages will come.

  7. Specify one or more e-mail addresses, separated by commas.

  8. Click Save.

All Identity Audit events meeting the filter criteria for which the Send to e-mail action is defined are sent to the same SMTP relay and set of addresses.

8.3.2 Send to Syslog

To configure the Send to Syslog action, you need the connection information for the syslog server (IP address and port number).

  1. Log into Identity Audit as an administrator.

  2. Click Rules in the upper right corner of the page.

  3. Click Configuration.

  4. Under Syslog, specify a name or IP address and open UDP port of a syslog server. If desired, click Test to test that the destination server and port are formatted correctly.

  5. Click Save.

All Identity Audit events meeting the filter criteria for which the Send to Syslog action is defined are sent to the same syslog server.

8.3.3 Write to File

To configure the Write to File action, you need the name and path of the file to which the events will be written. The directory must already exist and the novell user must have permissions to write to it. If the file does not already exist, Identity Audit creates it.

  1. Log into Identity Audit as an administrator.

  2. Click Rules in the upper right corner of the page.

  3. Click Configuration.

  4. Under Filename, specify the path to the file to which you want the events to be written, either an absolute path or a relative path (where the working directory is data under the application’s home directory). If desired, click Test to test permissions and create a zero-byte file to hold the data.

  5. Click Save.

All Identity Audit events meeting the filter criteria for which the Write to File action is defined are written to the same file.