The Event Auditing Service Settings page allows you to specify the settings for the Event Auditing Service, which captures log events associated with actions performed in various Novell tools, such as RBPM, RMA, Designer, and the Identity Reporting Module. Within the reporting module, the events captured include the import, modification, deletion, or scheduling of a report definition.
Click
under in the left navigation menu.The reporting module displays the Event Auditing Service Settings page.
To define the port for the Syslog SSL Connector, specify the port number in the
field.To define the port for the UDP connector, specify the port number in the
field.To define the port for the audit connector, specify the port number in the
field.To test the connection to EAS, click
.To forward events from Sentinel to EAS, follow the instructions presented under Section 9.5, Configuring Sentinel Link to Use Sentinel as the Sender and EAS as the Receiver.
IMPORTANT:You can forward events from EAS to Sentinel or Sentinel to EAS. However, Novell recommends that you forward events from Sentinel to EAS.
To forward events from EAS to Sentinel:
Specify the network address for the Event Router in the
field.Specify the port number for the Event Router in the
field.To specify a filter for event forwarding, specify the filter in the
field.The event forwarding filter allows you to control which events are actually forwarded to Sentinel. The Apache Lucene Web site.
field supports the Lucene Query syntax implemented by Apache. Therefore, you can use this field to specify any query filter that would be supported by the Lucene query filter. For more information on Apache Lucene, see theTo start event forwarding, select the
checkbox.Event forwarding is the ability to forward events to a Sentinel server for further processing. In order for the Sentinel server to receive events, a Link Connector must be configured. Refer to the Sentinel documentation for more information about creating a Link Connector.
For more information, see the Sentinel User Guide.
To test the event forwarding configuration, click
.To save your changes, click
.EAS stores all auditing data in the Identity Information Warehouse. Auditing events are stored in tables within the public schema in the SIEM database.