Configuring DirX Audit Collectors

DirX Audit contains the following types of generic collectors:

  • JMS collectors

  • File collectors

These collectors support a proprietary generic audit message format initially modeled on the RFC 3881 Security Audit and Access Accountability Message XML format. You can find more information about the RFC 3881 standard at the URL http://www.faqs.org/rfcs/rfc3881.html. The audit message format was significantly modified between DirX Audit V2.0 and DirX Audit V3.0.

DirX Audit also provides product-specific collectors that collect audit messages from the following products:

  • DirX Identity

  • DirX Access

The next sections describe how to configure these collectors.

For details on specific input validation and processing in File and JMS collectors, see the section "Specific input validation and processing in File and JMS collectors" in "Managing DirX Audit Server Error Handling".

Configuring Generic Collectors

The generic collectors can read audit messages in the DirX Audit format. The DirX Audit XML schema file AuditMessages.xsd uses the XML namespace "urn:com:siemens:dxt:persistence:schemadb:2.0". The next sections describe how to configure the generic collectors.

The following figure provides an overview of the data flow of the generic collectors:

Figure 1. Data Flows when Using Generic Collectors

Configuring the Generic JMS Collector

For details on configuring the generic JMS collector, see the section "Server JMS Collector for DirX Audit Format" in "Configuring DirX Audit" in the DirX Audit Installation Guide.

Configuring the Generic File Collector

For details on configuring the generic file collector, see the section "Server File Collector for DirX Audit Format" in "Configuring DirX Audit" in the DirX Audit Installation Guide.

Configuring DirX Identity Collectors

DirX Identity provides audit messages in several locations:

  • In the dxrHistory attribute of LDAP entries; these messages are called "history audit messages". DirX Identity workflows can optionally export these audit messages to files.

  • In JMS messages produced by the JMS-Audit Handler hosted in the IdS-J and covering workflow events; these messages are called "workflow audit messages".

  • In files produced by the File Audit Handler hosted in the IdS-J and covering workflow events; these messages are also called "workflow audit messages".

The JMS-Audit Handler and the File Audit Handler should be used as alternatives to each other: configure one or the other.

DirX Audit provides collectors to read DirX Identity audit messages from the following sources:

  • Directory services via LDAP

  • JMS message queues

  • Files

The following figure provides an overview of the DirX Identity collectors:

Figure 2. Data Flows when Using DirX Identity Collectors

About the DirX Identity JMS-Audit Handler Plug-in

DirX Identity can automatically deliver workflow audit messages to a message queue using the JMS-Audit Handler plug-in delivered with DirX Audit. See the chapter "Installing the DirX Identity JMS-Audit Handler Plug-in" in the DirX Audit Installation Guide for instructions on how to install the DirX Identity JMS-Audit Handler plug-in.

Configuring DirX Identity LDAP Collectors

For details on configuring DirX Identity LDAP collectors, see the section "Server LDAP Collector for DirX Identity Format" in "Configuring DirX Audit" in the DirX Audit Installation Guide.

Configuring DirX Identity JMS Collectors

For details on configuring DirX Identity JMS collectors, see the section "Server JMS Collector for DirX Identity Format" in "Configuring DirX Audit" in the DirX Audit Installation Guide.

Configuring DirX Identity File Collectors

For details on configuring DirX Identity file collectors, see the section "Server File Collector for DirX Identity Format" in "Configuring DirX Audit" in the DirX Audit Installation Guide.

Configuring the DirX Access JMS Collector

DirX Access produces audit messages using its proprietary format. The DirX Access JMS-Audit Handler Plug-in transforms the data into DirX Audit format and sends it to a message queue. The next sections describe how to configure the DirX Access JMS collector.

The following figure provides an overview of the DirX Access JMS collector data flow:

Figure 3. Data Flows when Using the DirX Access JMS Collector

About the DirX Access JMS-Audit Handler Plug-in

The DirX Access JMS-Audit Handler plug-in allows DirX Access to use the DirX Audit JMS collector to track DirX Access audit events. See the chapter "Installing DirX Access JMS-Audit Handler Plug-in" in the DirX Audit Installation Guide for information on how to install the DirX Access JMS-Audit Handler plug-in.

Configuring the DirX Access JMS Collector

For details on configuring the DirX Access JMS collector, see the section "Server JMS Collector for DirX Access Format" in "Configuring DirX Audit" in the DirX Audit Installation Guide.