The following table lists the engine events that can be audited through Sentinel:
Table A-2 Engine Events
Event ID |
Description |
Trigger |
---|---|---|
0030001 |
Status Success |
Many different events can cause the status success event to occur. It usually signifies that an operation was successfully completed. |
0030002 |
Status Retry |
Many different events can cause the status retry event to occur. It signifies an operation was not completed and the operation must be tried again later. |
0030003 |
Status Warning |
Many different events can cause the status warning event to occur. It usually signifies that an operation was completed with minor problems. |
0030004 |
Status Error |
Many different events can cause the status error event to occur. It usually signifies that an operation was not completed successfully. |
0030005 |
Status Fatal |
Many different events can cause the status fatal event to occur. It usually signifies that an operation was not completed successfully and the engine or driver could not continue. |
0030006 |
Status Other |
Any status document processed with a level other than the five previously defined creates a status other event. These events can only be generated within a style sheet or rule. |
0030007 |
Search |
Occurs when a query document is sent to the Identity Manager engine or driver. |
0030008 |
Add Entry |
Occurs when an object is added. |
0030009 |
Delete Entry |
Occurs when an object is deleted. |
003000A |
Modify Entry |
Occurs when an object is modified. |
003000B |
Rename Entry |
Occurs when an object is renamed. |
003000C |
Move Entry |
Occurs when an object is moved. |
003000D |
Add Association |
Occurs when an association is added. It can happen on an add or a match. |
003000E |
Remove Association |
When an object is deleted, there is no remove association event. The remove association occurs when a User object is deleted in the disparate application, and the delete is then converted into a modify that removes the association. |
003000F |
Query Schema |
Occurs when a query schema operation is sent to the Identity Manager engine or driver. |
0030010 |
Check User Password Status |
Manual function that is initiated via iManager to check the status of the user’s password. |
0030011 |
Check Object Password |
Occurs when a request is issued to check an object's password, other than the driver. |
00307D7 |
Keyed Password Set |
Occurs when a named password is modified. The following sub-event types for Keyed Password Set can be found under the act field of the CEF event:
|
0030012 |
Change Password |
Occurs when a request is issued to change the driver's password. |
0030013 |
Sync |
Occurs when a sync event is requested. |
0030014 |
Input XML Document |
Generated whenever an input document is created by the engine or driver. |
0030015 |
Input Transformation Document |
Generated after the input transformation policies are processed, allowing the user to view the transformed document. |
0030016 |
Output Transformation Document |
Generated after the output transformation policies are processed, allowing the user to view the transformed document. |
0030017 |
Event Transformation Document |
Generated after the event transformation policies are processed, allowing the user to view the transformed document. |
0030018 |
Placement Rule Transformation Document |
Generated after the Placement rule policies are processed, allowing the user to view the transformed document. |
0030019 |
Create Rule Transformation Document |
Generated after the Create rule policies are processed, allowing the user to view the transformed document. |
003001A |
Input Mapping Rule Transformation Document |
Generated after the Schema Mapping rules are processed which convert the document to the eDirectory schema. |
003001B |
Output Mapping Rule Transformation Document |
Generated after the Schema Mapping rules are processed which convert the document to the applications schema. |
003001C |
Matching Rule Transformation Document |
Generated after the Matching rule policies are processed, allowing the user to view the transformed document. |
003001D |
Command Transformation Document |
Generated after the command transformation policies are processed, allowing the user to view the transformed document. |
003001E |
Publisher Filter Transformation Document |
Generated after processing the notify filter on the Publisher channel, allowing the user to view the transformed document. |
003001F |
User Agent Request |
Occurs when a User Agent XDS command document is sent to the Driver on the Subscriber channel. |
0030020 |
Resync Driver |
Occurs when a resync request is issued. |
0030021 |
Migrate |
Occurs when a migrate request is issued. |
0030022 |
Driver Start |
Occurs when a driver is started. NOTE:The CEF event displayed on the auditing server such as Sentinel does not fetch the Hostname/IP address details of iManager or Designer from where the driver was started. |
0030023 |
Driver Stop |
Occurs when a driver is stopped. NOTE:The CEF event displayed on the auditing server such as Sentinel does not fetch the Hostname/IP address details of iManager or Designer from where the driver was stopped. |
0030024 |
Password Sync |
Generated when setting the distribution or simple password on an object. |
0030025 |
Password Reset |
Generated when resetting the connected application password after a failed password sync operation. |
0030026 |
DirXML Error |
Generated whenever the engine throws an internal error. |
0030027 |
DirXML Warning |
Generated whenever the engine throws an internal warning. |
0030028 |
Custom Operation |
Occurs when an unknown operation appears in an input document. An example of known operations would be an add, delete, or modify. |
0030029 |
Clear Attribute |
Occurs when a modify operation contains a remove-all-value element. |
003002A |
Add Value - Modify Entry |
Occurs when a value is added during the modification of an object. |
003002B |
Remove Value |
Occurs when a modify operation contains a remove-value element. |
003002C |
Merge Entries |
Occurs when two objects are being merged. |
003002D |
Get Named Password |
Generated on a Get Named Password operation. |
003002E |
Reset Attributes |
Occurs when a Reset document is issued on the publisher or Subscriber channels. |
003002F |
Add Value - Add Entry |
Occurs when a value is added during the creation of an object. |
0030030 |
Set SSO Credential |
Occurs when a driver policy executes the do-set-sso-credential action. |
0030031 |
Clear SSO Credential |
Occurs when a driver policy executes the do-clear-sso-credential action. |
0030032 |
Set SSO Passphrase |
Occurs when a driver policy executes the do-clear-sso-credential action. |
0030033 |
Startup Rule |
Generated after the Startup policies are processed. Allows the user to view the transformed document. |
0030034 |
Shutdown Rule |
Generated after the Shutdown policies are processed. Allows allows the user to view the transformed document. |
0030035 |
Send Mail |
Occurs when a policy or job is executed where the send mail option is configured. This will trigger a job to send an e-mail. |
0030036 |
Entitlement Operation |
Occurs when the value of the DirXML-EntitlementResult changes. |
000304B0 |
Account Create By Entitlement Grant |
Occurs when an account is created by granting of an entitlement. |
000304B1 |
Account Delete By Entitlement Revoke |
Occurs when an account is deleted on revoking of the entitlement. |
000304B2 |
Account Disable By Entitlement Revoke |
Occurs when an account is disabled on revoking of the entitlement. |
000304B3 |
Account Enable By Entitlement Grant |
Occurs when an account is enabled by granting of an entitlement. |