11.3 Configuring Auditing after the Installation

Identity Governance generates common event format (CEF) events that you can forward on to an audit server to analyze the events and to create reports. These reports allow you to provide that you are in compliance with regulations.

Identity Governance provides auditing for the following components:

  • OSP

  • Identity Governance

  • Identity Reporting

You can choose to enable auditing during the installation of these components, or you can enable it through configuration any time after you have installed the components. To enable auditing events for Identity Governance or Identity Reporting after installation, you must log into Identity Governance as a Global Administrator and use the Configuration menu. To do so for OSP, use the Identity Governance Configuration Update utility, which also allows you to change the server details, and TLS settings.

Identity Governance also allows you to enable a more granular view of the audit events by enabling loggers. For more information, see Section 14.6, Increasing Logging Levels for Identity Governance and the Identity Governance Clients.

11.3.1 Enabling Auditing for OSP

If you have the components installed on separate servers, you must perform the following steps for each OSP server that you have installed.

To configure auditing after the installation:

  1. Stop the application server. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.

  2. Launch the Identity Governance Configuration Update utility:

    1. Navigate to one of the following directories:

      • Linux: /opt/netiq/idm/apps/configupdate

      • Windows: C:\netiq\idm\apps\configupdate

    2. Launch the Identity Governance Configuration Update utility:

      • Linux: ./configupdate.sh

      • Windows: configupdate.bat

  3. Click the CEF Auditing tab, then use the following information to enable auditing: click Auditing Settings, then click Send audit events.

    Send audit events

    Select this option to enable auditing for this server.

    Destination host

    Specify the DNS name of the audit server. If it is this server, you can use localhost.

    Destination port

    Specify the port the audit server uses to communicate. The default port is 6514.

    Network protocol

    Select if the audit server communicates over TCP or UDP.

    Use TLS

    This option only appears if you select TCP. Select this option if you have configured the audit server to communicate over TLS. For more information, see Section 3.8, Securing Connections with TLS/SSL.

    Intermediate event store directory

    Specify a path to a directory on this server where Identity Governance stores the audit cache files until the information is sent to the audit server.

  4. Click OK to save the changes and the Identity Governance Configuration Update utility automatically closes.

  5. Start the application server. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.

We provide a list of the events that the server sends to the audit server. To see the list of events, see OSP Audit Events.

11.3.2 Enabling Auditing for Identity Governance

If you want to enable auditing for Identity Governance after installation, you must do so through the Identity Governance Configuration feature.

To enable auditing for Identity Governance after installation:

  1. Log in to Identity Governance as a Global Administrator.

  2. Select Configuration > Advanced.

  3. Click + to add, enable, or configure each of the following properties:

    • ig.audit.server.enabled

    • ig.audit.server.httpAuditData

    • ig.audit.server.check-tls-cert-exp

    • ig.audit.server.syslog.enabled

    • ig.audit.server.syslog.protocol

    • ig.audit.server.syslog.host

    • ig.audit.server.syslog.port

    • ig.audit.server.syslog.cache-dir

    • ig.audit.server.syslog.cache-file

    • ig.audit.server.syslog.keystore-file

    • ig.audit.server.syslog.keystore-password

    • ig.audit.server.syslog.keystore-type

11.3.3 Enabling Auditing for Identity Reporting

If you want to enable auditing for Identity Reporting after installation, you must do so through the Identity Governance Configuration feature.

To enable auditing for Identity Reporting after installation:

  1. Log in to Identity Governance as a Global Administrator.

  2. Select Configuration > Advanced.

  3. Click + to add, enable, or configure each of the following properties:

    • ig.audit.rpt.check-tls-cert-exp

    • ig.audit.rpt.enabled

    • ig.audit.rpt.httpAuditData

    • ig.audit.rpt.syslog.cache-dir

    • ig.audit.rpt.syslog.cache-file

    • ig.audit.rpt.syslog.enabled

    • ig.audit.rpt.syslog.host

    • ig.audit.rpt.syslog.keystore-file

    • ig.audit.rpt.syslog.keystore-password

    • ig.audit.rpt.syslog.keystore-type

    • ig.audit.rpt.syslog.port

    • ig.audit.rpt.syslog.protocol