6.0 Configuring Identity Manager Components to Log Audit Events in CEF Format

Identity Manager introduces Common Event Format (CEF), an open log management standard, for auditing events across all Identity Manager components. CEF enables you to use a common event log format so that auditing data can easily be collected and aggregated for further analysis. CEF format uses the Syslog message format as a transport mechanism.

The following Identity Manager components support auditing with CEF:

  • Identity Vault (eDirectory)

  • Identity Manager Engine

  • Remote Loader

  • .NET and Java Remote Loader

  • Fanout Agent

  • Identity Applications

  • One SSO Provider (OSP)

  • Self-Service Password Reset (SSPR)

  • Data Collection Services (DCS)

NOTE:In Identity Manager 4.7, Identity Reporting does not support auditing through CEF and Platform Agent. Identity Reporting supports auditing through CEF from 4.7.1 onwards. For more information, see Extended Support of Uniform Auditing for Identity Reporting in the NetIQ Identity Manager 4.7 Service Pack 1 Release Notes.