Audit Event Plug-ins

The DirX Access audit service supports callouts to drop audit events and allows for the deployment of audit event handlers through a plug-in interface. This design allows externalizing audit event handling to auditing sinks. This chapter describes the steps needed to employ the audit event plug-in and its subsequent use. General support of auditing sinks, the configuration for the auditing source, the types and contents of audit events and the audit externalization interface are described in the section Auditing.

About the Event Handler for Audit

The audit subsystem provides audit events that can be consumed by external auditing sinks. The integration is provided by plugging audit event handlers into the DirX Access Server at the audit event externalization interface.

The configuration allows mounting a single event handler for audit. This mechanism does not limit the number of data stores that can be integrated. It is the responsibility of the audit event plug-in to push audit events into such stores.

Developing an Audit Event Handler

This section describes the tasks necessary for developing a custom audit event handler.

Externalizing Audit Eventing from the DirX Access Server

The DirX Access Server allows externalizing audit eventing through a plug-in concept. This method requires creating an audit callout handler that implements the AuditCallout interface (net.atos.dirx.access.audit.api.callout.AuditCallout). The implementing class must be contained within an exported package of an OSGi bundle.

Employing an Audit Event Handler

The steps needed to employ the custom callout handler are outlined in the section Employing External Plug-in Modules.

Using an Audit Event Handler

This section describes the tasks that need to be performed to use an audit event handler. Before starting to configure the DirX Access Server, make sure to run through all the steps in the section Employing External Plug-in Modules.

Prerequisites

To successfully employ the custom audit event handler, you must install the OSGi bundle exporting the package containing the callout implementation on the DirX Access Server. To accomplish this task, make sure that you have performed all of the steps described in the section Employing External Plug-in Modules.

Configuring the Custom Audit Event Handler at the DirX Access Server

  • In DirX Access Manager, go to Configuration | Extension modules.

    • Create the callout handler <CalloutIdentifier>:

    • Go to Callout handlers and click the “add” icon to create a new callout handler.

    • Identifier: <CalloutIdentifier>

    • Description: arbitrary

    • Type: select AuditEvents

    • Class name: enter the fully-qualified Java class name of the callout implementation.

    • Click Save.

  • In DirX Access Manager, go to Servers | Cluster.

    • Select a server identifier for which the custom audit event handler shall be added.

    • In the “Audit callout handler identifier” drop-down box in the Audit Service section, select <CalloutIdentifier>.

    • Click Save.