3.1 Enabling and Disabling Auditing Events

A Global Administrator can use the Configuration menu or the Configuration Utility to enable and disable specified audit events for specified packages and event IDs. For more information about the Configuration Utility, see Using the Identity Governance Configuration Utility in the Identity Governance 3.7 Installation and Configuration Guide.

When a Global Administrator enables auditing, Identity Governance can send audit event information to any combination of the following:

  • An application server log

  • A separate log file

  • A syslog destination

  • A database table (through JDBC)

Audit event logs allow you to provide evidence that you comply with regulations. The Global Administrator must first set the audit targets for selected modules, and then enable or disable audit event logging for specific packages or event IDs.

NOTE: If you delete an audit log file while auditing is enabled and the server is running, a new audit log file will not automatically be generated. If you need to delete an audit log file while auditing is enabled, you must either first disable auditing and then enable it again, or you must restart the server.
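A monitoring check for the condition this note describes, as an added example that is not part of the product documentation: it reports when the audit log file has disappeared or has stopped being written, so the gap in audit evidence is noticed. The function name, the log path, and the age threshold are assumptions; use the file configured for the generic log file target, and note that a quiet system can legitimately report STALE.

```shell
#!/bin/sh
# Added example: watchdog for the audit "separate log file" target.
# The path passed in is a placeholder chosen by the operator; it is not a
# product default.

# check_audit_log FILE MAX_AGE_SECONDS
# Prints one status word on stdout, advice on stderr, and returns:
#   0 OK       file exists and was modified within MAX_AGE_SECONDS
#   1 MISSING  file is gone; per the note it is not recreated automatically
#   2 STALE    file exists but has not been modified recently
check_audit_log() {
    file=$1
    max_age=$2

    if [ ! -f "$file" ]; then
        echo "MISSING"
        echo "audit log $file is missing: disable and re-enable auditing," \
             "or restart the server" >&2
        return 1
    fi

    now=$(date +%s)
    # GNU stat first, BSD stat as a fallback.
    mtime=$(stat -c %Y "$file" 2>/dev/null || stat -f %m "$file")
    age=$((now - mtime))

    if [ "$age" -gt "$max_age" ]; then
        echo "STALE"
        echo "audit log $file not written for ${age}s: confirm that" \
             "auditing is still enabled for this target" >&2
        return 2
    fi

    echo "OK"
    return 0
}

# Example call from cron or a monitoring agent (path is hypothetical):
#   check_audit_log /path/to/audit.log 3600 || logger -p auth.warning "audit log check failed"
```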

3.1.1 Setting Audit Targets

To enable auditing for specified audit events, the Global Administrator must specify one or more audit targets for Identity Governance to create the log files. The administrator can configure audit targets for the following modules:

  • Server WAR allows you to manage audit logs for:

    • Tomcat

    • Syslog

    • A generic log file

    • JDBC

  • RPT WAR allows you to manage audit logs for:

    • Tomcat

    • Syslog

    • A generic log file

    • JDBC

  • Workflow WAR allows you to manage audit logs for:

    • Tomcat

    • Syslog

    • A generic log file

    • JDBC

  • DaaS WAR allows you to manage audit logs for:

    • Tomcat

    • Syslog

    • A generic log file

    • JDBC

  • DTP WAR allows you to manage audit logs for:

    • Tomcat

    • Syslog

    • A generic log file

    • JDBC

You may manage audit logs for more than one module and configure more than one log type within each module.

To set audit targets:

  1. Log in to Identity Governance as a Global Administrator.

  2. Select Configuration > Audit Enablement.

  3. Click Set Audit Target.

  4. Select a module for which to manage audit logs.

  5. Click the toggle switch for each log file type to which you want to send audit events.

  6. Make any needed edits to key values for each enabled log file type.

3.1.2 Setting Audit Level Configuration

After setting the audit target, the Global Administrator can enable or disable audit events for specific packages or event IDs. When you click the Audit Level Configuration tab, you can list event IDs individually or grouped by package. The default grouping by package allows you to click the toggle next to a package name to enable all audit events in a package. You can also click a package name to view a list of the event IDs within the package, and then enable auditing for only some of those event IDs.

NOTE: If you enable only some event IDs in a package, the package appears as Disabled in the list if grouped by package. Click the package name to view which event IDs are enabled.

Whether you view audit events grouped by packages or as individual event IDs, you can use the search bar to narrow the list to the packages or event IDs for which you want to manage audit logs.

To enable and disable audit events:

  1. Log in to Identity Governance as a Global Administrator.

  2. Select Configuration > Audit Enablement.

  3. Click Audit Level Configuration.

  4. (Conditional) If you want to enable all event IDs in a package:

    1. From the Show menu, select Group by package.

    2. Click the toggle switch for each listed package for which you want to enable or disable audit events.

  5. (Conditional) If you want to enable specific event IDs in a package:

    1. From the Show menu, select Group by package.

    2. Click the package that contains the event IDs you want to enable or disable.

    3. Click the toggle switch for each listed event ID for which you want to enable or disable audit events.

  6. (Conditional) If you want to list and enable specific event IDs:

    1. From the Show menu, select Event ID.

    2. Click the toggle switch for each listed event ID for which you want to enable or disable audit events.