NetIQ Documentation: NetIQ Identity Manager Security Guide - Tracking Changes to Sensitive Information

1.8 Tracking Changes to Sensitive Information

You can use Audit to log events that you consider important for security.

For example, you could log password changes for a particular Identity Manager driver (or driver set) by doing the following:

In iManager, select eDirectory Administration > Modify Object > Log Level.

Select from the drop-down list or select a tab, depending on your version of iManager.
Select Log Specific Events.
To select the specific events, click the Log Events icon .
Enable the Turn off logging to Driver Set, Subscriber and Publisher logs option to prevent logging Identity Manager events to eDirectory.

Enabling this option improves the performance of the Identity Manager system.
On the Events page, select the following:
- In Operation Events, select Change Password.
  
  This item monitors direct changes to the NDS password.
- In Transformation Events, select Password Set and Password Sync. These two items monitor events for the Universal Password and Distribution Password.
Click OK twice.

You can log events that apply to a driver set or to a driver.

In Designer, right-click a driver set, then select Properties.
Select Driver Set Log Level, then select Log Specific Events.
Click the Select Events to Log icon.
Enable the Turn off logging to Driver Set, Subscriber and Publisher logs option to prevent logging Identity Manager events to eDirectory.

Enabling this option improves the performance of the Identity Manager system.
Select events to log, then click OK.

In Designer, right-click a driver, then select Properties.
Select Driver Log Level, then select Log Specific Events.
If you prefer, you can accept the settings for the driver set, then click OK.

or

Deselect Use log settings from the Driver Set, select Log specific events, then click OK.
Click the Select Events to Log icon.
Select events to log, then click OK.