12.4 Identifying Audit Events for Identity Reporting

This section provides information on how to identify different audit events required for Identity Manager reports and custom reports. You can unzip all report sources and run the following script to identify the audit events:

find . -name *.jrxml -print0 |xargs -0 grep -H "'000[B3]" | perl -ne '($file) = /^\.\/(.*?)\//;@a = /000[3B]..../g; foreach $a (@a) { print "$file;$a\n"}' |sort -u

The following section provides information on how to identify and select various audit events for identity Manager reports and custom reports:

Event Name	Audit Flag
Authentication and Password Change	Selecting Audit Flag using SSPR: Launch SSPR Configuration Editor > Audit Configuration > Select from the following audit flags: Authenticate Change Password Unlock Password Recover Password Intruder Attempt Intruder Lock Intruder Lock User Selecting Audit Flag using iManager: Go to iManager Roles and Tasks > eDirectory Auditing > > Audit Configuration > Novell Audit > Select from the following audit flags: Change Password Verify Password Login Logout
All other reporting events	Go to NetIQ Identity Manager UserApp > Administration > Logging > Enable audit service

Event Name

Audit Flag

Authentication and Password Change

Selecting Audit Flag using SSPR: Launch SSPR Configuration Editor > Audit Configuration > Select from the following audit flags:

Authenticate
Change Password
Unlock Password
Recover Password
Intruder Attempt
Intruder Lock
Intruder Lock User

Selecting Audit Flag using iManager: Go to iManager Roles and Tasks > eDirectory Auditing > > Audit Configuration > Novell Audit > Select from the following audit flags:

Change Password
Verify Password
Login
Logout

All other reporting events

Go to NetIQ Identity Manager UserApp > Administration > Logging > Enable audit service