11.3 Enabling Auditing after the Installation

Identity Governance generates Common Event Format (CEF) events that you can forward to an audit server to analyze the events and to create reports. These reports allow you to prove that you are in compliance with regulations.

Identity Governance provides auditing for the following components:

  • Identity Governance

  • Identity Reporting

  • OSP

You can enable auditing during the installation of these components or you can enable auditing any time after you have installed the components. You use the Identity Governance Configuration Update utility to enable auditing after you have installed the components.

In prior releases of Identity Governance, you edited the ig-server-logging.xml file to enable auditing for the different components. You now use the Identity Governance Configuration Update utility to enable auditing if you did not enable it during the installation of the components. Use the Identity Governance Configuration Update utility to change the server details and the TLS settings, and to enable auditing for the different components, instead of editing the ig-server-logging.xml file.

WARNING: If you change the server details or the TLS settings, or if you enable auditing for Identity Governance, in the ig-server-logging.xml file, the Identity Governance Configuration Update utility might no longer affect these audit settings.

Use the following information to enable auditing after the installation of OSP, Identity Governance, or Identity Reporting:

The steps to enable auditing for Identity Governance, Identity Reporting, and OSP after you have installed the components are the same. If you have the components installed on separate servers, you must perform the following steps on each OSP server, Identity Governance server, and Identity Reporting server that you have installed. For example, if you have clustered Identity Governance, you must enable auditing on each node in the cluster. If you have installed Identity Governance and Identity Reporting on separate servers, you must enable auditing on both the Identity Governance server and the Identity Reporting server.

To enable auditing after the installation:

  1. Stop the application server. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.

  2. Launch the Identity Governance Configuration Update utility:

    1. Navigate to one of the following directories:

      • Linux: /opt/netiq/idm/apps/configupdate

      • Windows: C:\netiq\idm\apps\configupdate

    2. Launch the Identity Governance Configuration Update utility:

      • Linux: ./configupdate.sh

      • Windows: configupdate.bat

  3. Click the CEF Auditing tab, click Auditing Settings, then use the following information to enable auditing:

    Send audit events

    Select this option to enable auditing for this server.

    Destination host

    Specify the DNS name of the audit server. If it is this server, you can use localhost.

    Destination port

    Specify the port the audit server uses to communicate. The default port is 6514.

    Network protocol

    Select whether the audit server communicates over TCP or UDP.

    Use TLS

    This option only appears if you select TCP. Select this option if you have configured the audit server to communicate over TLS. For more information, see Section 3.8, Securing Connections with TLS/SSL.

    Intermediate event store directory

    Specify a path to a directory on this server where Identity Governance stores the audit cache files until the information is sent to the audit server.

  4. Click OK to save the changes. The Identity Governance Configuration Update utility closes automatically.

  5. Start the application server. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.

We provide a list of the events that the server sends to the audit server. To see the list of events, see:

Identity Governance allows you to enable a more granular view of the audit events by enabling loggers. For more information, see Section 14.6, Increasing Logging Levels for Identity Governance and the Identity Governance Clients.
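Whatever audit server you point the Destination host and Destination port settings at has to split the CEF events it receives into header fields and extension key/value pairs before it can report on them. The following parser is an added example, not code from Identity Governance or its documentation; the sample event, its vendor/product names and its extension keys are constructed placeholders, not real Identity Governance event content. It handles the CEF escaping rules (`\|` and `\\` in the header, `\=` and `\\` in the extension) and tolerates a syslog header in front of the `CEF:` prefix.

```python
import re
SAMPLE_CEF = (  # constructed sample; vendor/product/signature values are placeholders
    "CEF:0|ExampleVendor|ExampleProduct|1.0|LOGIN\\|FAIL|User login failed|7|"
    "src=10.0.0.5 suser=alice msg=bad password\\=3 attempts outcome=failure"
)
HEADER = ["version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity"]

def split_header(text, limit):
    # Split on unescaped '|' `limit` times ('\|', '\\' are literal); extension stays raw.
    parts, buf, i = [], [], 0
    while i < len(text) and len(parts) < limit:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i + 1]); i += 2
            continue
        if ch == "|":
            parts.append("".join(buf)); buf = []
        else:
            buf.append(ch)
        i += 1
    return parts + [text[i:]]

def unescape_ext(value):
    # Extension values escape '=' and '\'; '\n' and '\r' encode line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), value)

def parse_extension(ext):
    # key=value pairs split on spaces; a token without an unescaped '=' continues a value.
    fields, key = {}, None
    for token in ext.split(" "):
        m = re.match(r"^((?:\\.|[^=\\])+)=(.*)$", token)
        if m:
            key, fields[m[1]] = m[1], unescape_ext(m[2])
        elif key is not None:
            fields[key] += " " + unescape_ext(token)
    return fields

def parse_cef(line):
    # Parse one event; a syslog header before 'CEF:' is tolerated.
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF event")
    parts = split_header(line[start + 4:], limit=len(HEADER))
    if len(parts) != len(HEADER) + 1:
        raise ValueError("malformed CEF header")
    event = dict(zip(HEADER, parts))
    event["severity"] = int(event["severity"])
    event["extension"] = parse_extension(parts[-1])
    return event
```

Calling `parse_cef(SAMPLE_CEF)` returns the seven header fields plus an `extension` dictionary, with the escaped `|` in the signature ID and the escaped `=` inside the `msg` value restored as literal characters.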