Identity Manager enables you to configure your own events to log to Identity Audit. Events can be logged by using an action in the Policy Builder, or within a style sheet. Any information you have access to when defining policies can be logged.
User-defined events are logged any time logging is enabled and are never filtered by the Metadirectory engine. There are two different ways to generate events:
In the Policy Builder, define the condition that must be met to generate the event, then select the Generate Event action.
Specify an event ID.
Event IDs between 1000 and 1999 are allotted for user-defined events. You must specify a value within this range for the event ID when defining your own events. This ID is combined with the Identity Manager application ID of 003.
Select a log level.
Log levels enable you to group events based on the type of event being logged. The following predefined log levels are available:
Click the icon next to the field to launch the Named String Builder.
In the Named String Builder, you can specify the string, integer, and binary values to include with the event.
Use the Named String Builder to define the event values.
The Identity Manager event structure contains a target, a subTarget, three strings (text1, text2, text3), three integers (value1, value2, value3), and a generic field (data). The text fields are limited to 256 bytes, and the data field can contain up to 3 KB of information, unless a larger data field is enabled in your environment.
The following table provides an explanation of the Identity Manager event structure:
| Field | Description |
|---|---|
| target | This field captures the event target. All Identity Manager events store the event’s object in the field. |
| | This field specifies which predefined format the target is represented in. Defined values for this type are as follows: |
| subTarget | This field captures the subcomponent of the target that was affected by the event. All Identity Manager events store the event’s attribute in the field. |
| text1 | The value of this field depends upon the event. It can contain any text string up to 255 characters. NOTE: The field is vital to the function of the Identity Audit CVR driver. The CVR driver looks in the event’s and fields to identify the defined attribute and object for a given policy. For more information, see CVR in the Novell Audit 2.0 Administration Guide. |
| text2 | The value of this field depends upon the event. It can contain any text string up to 255 characters. NOTE: The field is vital to the function of the Identity Audit CVR driver. The CVR driver looks in the event’s and fields to identify the defined attribute and object for a given policy. For more information, see CVR in the Novell Audit 2.0 Administration Guide. |
| text3 | The value of this field depends upon the event. It can contain any text string up to 255 characters. |
| value1 | The value of this field depends upon the event. It can contain any numeric value up to 32 bits. |
| value2 | The value of this field depends upon the event. It can contain any numeric value up to 32 bits. |
| value3 | The value of this field depends upon the event. It can contain any numeric value up to 32 bits. |
| data | The value of this field depends upon the event. The default size of this field is 3072 characters. You can configure the size of this field in the LogMaxBigData value in logevent.cfg. This value does not set the size of the field, but it does set the maximum size that the Platform Agent can log. For more information, see Section 3.0, Installing and Configuring the Platform Agent. The maximum size of the field is defined by the database where the data is logged, so the size varies for each database that is used. If the size of the field logged by the Platform Agent exceeds the maximum size allowed by the database, the channel driver truncates the data in the field. If an event has more data than can be stored in the and value fields, it is possible to store up to 3 KB of binary data in the field. |
Click to return to the Policy Builder to construct the remainder of your policy.
For more information and examples of the Generate Event action, see Generate Event in the Policies in Designer 3.5 guide.
Status documents generated through style sheets using the <xsl:message> element are sent to Identity Audit with an event ID that corresponds to the status document level attribute. The level attributes and corresponding event IDs are defined in the following table:
Table 4-2 Status Documents
The following example generates an event 0x004 and value1=7777, with a level of EV_LOG_STATUS_ERROR:
```xml
<xsl:message>
  <status level="error" text1="This would be text1" value1="7777">This data would be in the blob and in text 2, since no value is specified for text2 in the attributes.</status>
</xsl:message>
```
The following example generates an Identity Audit event 0x004 and value1=7778, with a level of EV_LOG_STATUS_ERROR:
```xml
<xsl:message>
  <status level="error" text1="This would be text1" text2="This would be text2" value1="7778">This data would be in the blob only for this case, since a value for text2 is specified in the attributes.</status>
</xsl:message>
```
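The mapping shown in the two examples above, modelled in Python together with a check against the field limits from the event structure table. This is an added example, not part of the original documentation or of Identity Manager. The function names, the empty-string and zero defaults, the unsigned reading of "32 bits", and the sample message are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

TEXT_MAX_CHARS = 255                      # page: text strings up to 255 characters
DATA_MAX_CHARS = 3072                     # page: default size of the data field
STATUS_LEVEL_EVENT_ID = {"error": 0x004}  # the only level/ID pair shown on the page


def status_to_event(message_xml):
    """Map an <xsl:message><status> document to event fields, per the two examples."""
    status = ET.fromstring(message_xml).find("status")
    body = (status.text or "").strip()
    return {
        "event_id": STATUS_LEVEL_EVENT_ID.get(status.get("level")),
        "text1": status.get("text1", ""),          # assumption: empty if absent
        # The element body is copied to text2 only when no text2 attribute is set.
        "text2": status.get("text2", body),
        "value1": int(status.get("value1", "0")),  # assumption: 0 if absent
        "data": body,                              # the body always goes to the blob
    }


def limit_violations(event):
    """Return the names of fields that exceed the documented limits."""
    bad = [f for f in ("text1", "text2") if len(event[f]) > TEXT_MAX_CHARS]
    # Assumption: "up to 32 bits" is checked here as an unsigned 32-bit range.
    if not 0 <= event["value1"] < 2**32:
        bad.append("value1")
    if len(event["data"]) > DATA_MAX_CHARS:
        bad.append("data")
    return bad


def is_user_defined_id(event_id):
    """Event IDs 1000-1999 are the range allotted to user-defined events."""
    return 1000 <= event_id <= 1999


# Constructed sample: the first example's shape with a body longer than 255 characters.
XSL_NS = 'xmlns:xsl="http://www.w3.org/1999/XSL/Transform"'
LONG_STATUS = (
    f'<xsl:message {XSL_NS}><status level="error" text1="sync failed" '
    f'value1="7777">{"x" * 300}</status></xsl:message>'
)

if __name__ == "__main__":
    event = status_to_event(LONG_STATUS)
    print(hex(event["event_id"]), limit_violations(event))
```

With no text2 attribute, the 300-character body is copied into text2 and is flagged as over the 255-character limit; setting text2 explicitly keeps the long body in the data field only.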