The following table lists the CEF events that can be audited through Sentinel:
Table A-1 CEF Events
|
CEF Event ID |
Description |
Trigger |
|---|---|---|
|
00030001 |
Status Success |
Many different events can cause the status success event to occur. It usually signifies that an operation was successfully completed. |
|
00030002 |
Status Retry |
Many different events can cause the status retry event to occur. It signifies an operation was not completed and the operation must be tried again later. |
|
00030003 |
Status Warning |
Many different events can cause the status warning event to occur. It usually signifies that an operation was completed with minor problems. |
|
00030004 |
Status Error |
Many different events can cause the status error event to occur. It usually signifies that an operation was not completed successfully. |
|
00030005 |
Status Fatal |
Many different events can cause the status fatal event to occur. It usually signifies that an operation was not completed successfully and the engine or driver could not continue. |
|
00030006 |
Status Other |
Any status document processed with a level other than the five previously defined creates a status other event. These events can only be generated within a style sheet or rule. |
|
00030026 |
DirXML Error |
Generated whenever the engine throws an internal error. |
|
00030027 |
DirXML Warning |
Generated whenever the engine throws an internal warning. |
|
00030028 |
Custom Operation |
Occurs when an unknown operation appears in an input document. An example of known operations would be an add, delete, or modify. |
|
|
|
|
00030008 |
Add Entry |
Occurs when an object is added. |
|
0003002F |
Add Value - Add Entry |
Occurs when a value is added during the creation of an object. |
|
0003002E |
Reset Attributes |
Occurs when a Reset document is issued on the publisher or Subscriber channels. |
|
0003002A |
Add Value - Modify Entry |
Occurs when a value is added during the modification of an object. |
|
0003002B |
Remove Value |
Occurs when a modify operation contains a remove-value element. |
|
00030029 |
Clear Attribute |
Occurs when a modify operation contains a remove-all-value element. |
|
00030009 |
Delete Entry |
Occurs when an object is deleted. |
|
000307DB |
Cache Utility |
|
|
00030007 |
Search |
Occurs when a query document is sent to the Identity Manager engine or driver. |
|
0003000F |
Query Schema |
Occurs when a query schema operation is sent to the Identity Manager engine or driver. |
|
0003000A |
Modify Entry |
Occurs when an object is modified. |
|
0003000B |
Rename Entry |
Occurs when an object is renamed. |
|
0003002C |
Merge Entries |
Occurs when two objects are being merged. |
|
0003000C |
Move Entry |
Occurs when an object is moved. |
|
|
|
|
0003000D |
Add Association |
Occurs when an association is added. It can happen on an add or a match. |
|
0003000E |
Remove Association |
When an object is deleted, there is no remove association event. The remove association occurs when a User object is deleted in the disparate application, and the delete is then converted into a modify that removes the association. |
|
00030020 |
Resync Driver |
Occurs when a resync request is issued. |
|
00030014 |
Input XML Document |
Generated whenever an input document is created by the engine or driver. |
|
00030015 |
Input Transformation Document |
Generated after the input transformation policies are processed, allowing the user to view the transformed document. |
|
00030016 |
Output Transformation Document |
Generated after the output transformation policies are processed, allowing the user to view the transformed document. |
|
00030017 |
Event Transformation Document |
Generated after the event transformation policies are processed, allowing the user to view the transformed document. |
|
00030018 |
Placement Rule Transformation Document |
Generated after the Placement rule policies are processed, allowing the user to view the transformed document. |
|
00030019 |
Create Rule Transformation Document |
Generated after the Create rule policies are processed, allowing the user to view the transformed document. |
|
0003001A |
Input Mapping Rule Transformation Document |
Generated after the Schema Mapping rules are processed which convert the document to the eDirectory schema. |
|
0003001B |
Output Mapping Rule Transformation Document |
Generated after the Schema Mapping rules are processed which convert the document to the applications schema. |
|
0003001C |
Matching Rule Transformation Document |
Generated after the Matching rule policies are processed, allowing the user to view the transformed document. |
|
0003001D |
Command Transformation Document |
Generated after the command transformation policies are processed, allowing the user to view the transformed document. |
|
0003001E |
Publisher Filter Transformation Document |
Generated after processing the notify filter on the Publisher channel, allowing the user to view the transformed document. |
|
0003001F |
User Agent Request |
Occurs when a User Agent XDS command document is sent to the Driver on the Subscriber channel. |
|
00030021 |
Migrate |
Occurs when a migrate request is issued. |
|
|
|
|
00030022 |
Driver Start |
Occurs when a driver is started. |
|
00030023 |
Driver Stop |
Occurs when a driver is stopped. |
|
|
|
|
00030010 |
Check Password |
Manual function that is initiated via iManager to check the status of the user’s password. |
|
00030011 |
Check Object Password |
Occurs when a request is issued to check an object's password, other than the driver. |
|
00030013 |
Sync |
Occurs when a sync event is requested. |
|
0003002D |
Get Named Password |
Generated on a Get Named Password operation. |
|
00030012 |
Change Password |
Occurs when a request is issued to change the driver's password. |
|
00030024 |
Password Sync |
Generated when setting the distribution or simple password on an object. |
|
00030025 |
Password Reset |
Generated when resetting the connected application password after a failed password sync operation. |
|
00030030 |
Set SSO Credential |
Occurs when a driver policy executes the do-set-sso-credential action. |
|
00030031 |
Clear SSO Credential |
Occurs when a driver policy executes the do-clear-sso-credential action. |
|
00030032 |
Set SSO Passphase |
Occurs when a driver policy executes the do-clear-sso-credential action. |