Identity Governance generates common event format (CEF) events that you can forward to an audit server to analyze the events and to create reports. These reports allow you to provide that you are in compliance with regulations.
Identity Governance provides auditing for the following components:
OSP
Identity Governance
Identity Reporting
You can choose to enable auditing during the installation of these components, or you can enable it through configuration any time after you have installed the components. To enable auditing events for Identity Governance or Identity Reporting after installation, you must log into Identity Governance as a Global Administrator and use the Configuration menu. To do so for OSP, use the Identity Governance Configuration Update utility, which also allows you to change the server details, and TLS settings.
Identity Governance also allows you to enable a more granular view of the audit events by enabling loggers. For more information, see Section 15.6, Increasing Logging Levels for Identity Governance and the Identity Governance Clients.
If you have the components installed on separate servers, you must perform the following steps for each OSP server that you have installed.
To configure auditing after the installation:
Stop the application server. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.
Launch the Identity Governance Configuration Update utility:
Navigate to one of the following directories:
Linux: /opt/netiq/idm/apps/configupdate
Windows: C:\netiq\idm\apps\configupdate
Launch the Identity Governance Configuration Update utility:
Linux: ./configupdate.sh
Windows: configupdate.bat
Click the CEF Auditing tab, then use the following information to enable auditing: click Auditing Settings, then click Send audit events.
Select this option to enable auditing for this server.
Specify the DNS name of the audit server. If it is this server, you can use localhost.
Specify the port the audit server uses to communicate. The default port is 6514.
Select if the audit server communicates over TCP or UDP.
This option only appears if you select TCP. Select this option if you have configured the audit server to communicate over TLS. For more information, see Section 3.8, Securing Connections with TLS/SSL.
Specify a path to a directory on this server where Identity Governance stores the audit cache files until the information is sent to the audit server.
Click OK.
Start the application server. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.
We provide a list of the events that the server sends to the audit server. To see the list of events, see OSP Audit Events.
If you want to enable auditing for Identity Governance after installation, you must do so through the Identity Governance Configuration feature.
To enable auditing for Identity Governance after installation:
Log in to Identity Governance as a Global Administrator.
Select Configuration > Advanced.
Click + to add, enable, or configure each of the following properties:
ig.audit.server.enabled
ig.audit.server.httpAuditData
ig.audit.server.check-tls-cert-exp
ig.audit.server.syslog.enabled
ig.audit.server.syslog.protocol
ig.audit.server.syslog.host
ig.audit.server.syslog.port
ig.audit.server.syslog.cache-dir
ig.audit.server.syslog.cache-file
ig.audit.server.syslog.keystore-file
ig.audit.server.syslog.keystore-password
ig.audit.server.syslog.keystore-type
If you want to enable auditing for Identity Reporting after installation, you must do so through the Identity Governance Configuration feature.
To enable auditing for Identity Reporting after installation:
Log in to Identity Governance as a Global Administrator.
Select Configuration > Advanced.
Click + to add, enable, or configure each of the following properties:
ig.audit.rpt.check-tls-cert-exp
ig.audit.rpt.enabled
ig.audit.rpt.httpAuditData
ig.audit.rpt.syslog.cache-dir
ig.audit.rpt.syslog.cache-file
ig.audit.rpt.syslog.enabled
ig.audit.rpt.syslog.host
ig.audit.rpt.syslog.keystore-file
ig.audit.rpt.syslog.keystore-password
ig.audit.rpt.syslog.keystore-type
ig.audit.rpt.syslog.port
ig.audit.rpt.syslog.protocol
The auditing events provides a record of what the Workflow Engine has done.
To configure auditing you must access the Workflow Administration Console:
Log in to the Workflow Administration Console as a Global Administrator.
Select Configuration > Audit Configuration.
NOTE:Depending on your requirement, you can enable one or all the audit configurations.
(Optional) Select Tomcat to add, enable, or configure the following properties:
workflow.audit.wfs.server-log.enabled
workflow.audit.wfs.server-log.httpAuditData
workflow.audit.wfs.server-log.truncate-to-cef
(Optional) Select Syslog to add, enable, or configure the following properties:
workflow.audit.wfs.syslog.cache-dir
workflow.audit.wfs.syslog.cache-file
workflow.audit.wfs.syslog.check-tls-cert-exp
workflow.audit.wfs.syslog.enabled
workflow.audit.wfs.syslog.host
workflow.audit.wfs.syslog.httpAuditData
workflow.audit.wfs.syslog.keystore-file
workflow.audit.wfs.syslog.keystore-password
workflow.audit.wfs.syslog.keystore-type
workflow.audit.wfs.syslog.port
workflow.audit.wfs.syslog.protocol
workflow.audit.wfs.syslog.truncate-to-cef
(Optional) Select File to add, enable, or configure the following properties:
workflow.audit.wfs.cef-to-file.directory
workflow.audit.wfs.cef-to-file.enabled
workflow.audit.wfs.cef-to-file.filename-prefix
workflow.audit.wfs.cef-to-file.filename-suffix
workflow.audit.wfs.cef-to-file.httpAuditData
workflow.audit.wfs.cef-to-file.truncate-to-cef
(Optional) Select JDBC to add, enable, or configure the following properties:
workflow.audit.wfs.jdbc.driver
workflow.audit.wfs.jdbc.enabled
workflow.audit.wfs.jdbc.fallback-datasource
workflow.audit.wfs.jdbc.httpAuditData
workflow.audit.wfs.jdbc.jdbc-password
workflow.audit.wfs.jdbc.jdbcURL
workflow.audit.wfs.jdbc.jdbc-username
workflow.audit.wfs.jdbc.keystore-file
workflow.audit.wfs.jdbc.keystore-password
workflow.audit.wfs.jdbc.keystore-type
workflow.audit.wfs.jdbc.schema
workflow.audit.wfs.jdbc.ssl-type
workflow.audit.wfs.jdbc.tablename
workflow.audit.wfs.jdbc.truncate-to-cef
workflow.audit.wfs.jdbc.truststore-file
workflow.audit.wfs.jdbc.truststore-password
workflow.audit.wfs.jdbc.truststore-type
workflow.audit.wfs.jdbc.use-ssl