The ESF Auditing feature collects information about ESF events. Current Enterprise Server releases use the syslog protocol for audit events. The older Micro Focus Audit Manager is still supported but deprecated. For the highest level of security, enable auditing and send the audit events to a Security Event and Information Management (SIEM) system such as Micro Focus ArcSight or Sentinel, where it can be automatically analyzed and correlated with other security-relevant data.
The ESF Update feature can be used to notify running processes of changes to security data in External Security Managers. The Update mechanism tells ESF to flush cached information and recompute stored results such as group membership. The ESCWA and MFDS administration user interface provide an Update All button to make basic update notifications, but Micro Focus recommends the use of the esfupdate command-line utility to submit update requests, as it provides more control of the request contents and destination.