8 Rules
This section describes the event channels that can be used to send events from Identity Audit to another system.
Section 8.1, "Rules Overview," on page 61
Section 8.2, "Configuring Rules," on page 62
Section 8.3, "Configuring Actions," on page 64
8.1 Rules Overview
The Rules interface provides the ability to define rules that evaluate all incoming events and deliver selected events to designated output channels. For example, each severity 5 event can be e-mailed to a security analysts' distribution list or to an administrator.
NOTE: All events are also delivered to the database.
An incoming event is evaluated against each filtering rule in order until a match is found, and then the delivery actions associated with that rule are executed:
Send to e-mail: Send the event to a user or users by using a configured SMTP relay
Write to File: Write the event to a specified file on the Identity Audit server
Send to Syslog: Forward the event to a configured syslog server
TIP: Events are processed by the associated actions one at a time. You should therefore consider the performance implications of each output channel when deciding which events are sent to it. For example, the Write to File action is the least resource-intensive, so it can be used to test rule criteria and determine the data volume before sending a flood of events to e-mail or syslog.
Also, when you set up the Send to e-mail action, consider how many events the recipient can effectively handle and adjust the filtering on the rule accordingly.
Event output is in JavaScript Object Notation (JSON), a lightweight data exchange format. Events consist of field names (such as "evt" for Event Name) followed by a colon and a value (such as "Start"), with the name/value pairs separated by commas. The sample below is shown on several lines for readability; the channel emits each event as a single line.
{
  "st": "I",
  "evt": "Start",
  "sev": "1",
  "sres": "Collector",
  "res": "CollectorManager",
  "rv99": "0",
  "rv1": "0",
  "repassetid": "0",
  "rv77": "0",
  "agent": "Novell SecureLogin",
  "obsassetid": "0",
  "vul": "0",
  "port": "Novell SecureLogin",
  "msg": "Processing started for Collector Novell SecureLogin (ID D892E9F0-3CA7-102B-B5A1-005056C00005).",
  "dt": "1224204655689",
  "id": "751D97B0-7E13-112B-B933-000C29E8CEDE",
  "src": "D892E9F0-3CA7-102B-B5A2-005056C00004"
}
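As an added illustration (not part of the manual or of the Identity Audit product), the following Python script parses event lines in this JSON format and applies the first-match rule evaluation described above, using a Write to File action as the delivery channel. The rule names, the rule-engine structure and the three extra event lines are assumptions; the first event line is the manual's own sample joined onto one line.

```python
import json
import os
import tempfile
# Event lines in the manual's JSON format: the first is the page's own sample joined onto one
# line; the other three are constructed to exercise the rules below.
EVENT_LINES = [
    '{"st":"I","evt":"Start","sev":"1","sres":"Collector","res":"CollectorManager","rv99":"0","rv1":"0",'
    '"repassetid":"0","rv77":"0","agent":"Novell SecureLogin","obsassetid":"0","vul":"0","port":"Novell '
    'SecureLogin","msg":"Processing started for Collector Novell SecureLogin (ID D892E9F0-3CA7-102B-B5A1-'
    '005056C00005).","dt":"1224204655689","id":"751D97B0-7E13-112B-B933-000C29E8CEDE","src":"D892E9F0-3CA7-102B-B5A2-005056C00004"}',
    '{"st":"A","evt":"Login Failed","sev":"5","msg":"constructed","dt":"1224204700000"}',
    '{"st":"I","evt":"Start","sev":"5","msg":"constructed","dt":"1224204700001"}',
    '{"st":"I","evt":"Stop","sev":"3","msg":"constructed","dt":"1224204700002"}',
]

def parse_event(line):
    """Parse one event line; every value is a string, as in the manual's sample ("sev":"1")."""
    return json.loads(line)

def write_to_file(path):
    """'Write to File' action: append the event to the file as a single JSON line."""
    def action(event):
        with open(path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(event, separators=(",", ":")) + "\n")
    return action

def route(event, rules):
    """First-match evaluation: run the actions of the first rule whose test passes; return its name."""
    for name, matches, actions in rules:
        if matches(event):
            for action in actions:
                action(event)
            return name
    return None  # no rule matched: nothing goes to a channel (the database still receives it)

def demo():
    """Route the sample events; return (rule matched per event, lines written by Write to File)."""
    fd, out_path = tempfile.mkstemp(suffix=".jsonl")
    os.close(fd)
    # Rule order matters: severity is tested first so a severity-5 "Start" is not swallowed by the broader rule.
    rules = [
        ("high-severity", lambda e: int(e["sev"]) >= 5, [write_to_file(out_path)]),
        ("collector-start", lambda e: e["evt"] == "Start", [write_to_file(out_path)]),
    ]
    matched = [route(parse_event(line), rules) for line in EVENT_LINES]
    with open(out_path, encoding="utf-8") as fh:
        delivered = sum(1 for _ in fh)  # sizing the flow before pointing the rule at e-mail
    os.remove(out_path)
    return matched, delivered
```

The line count returned by demo() is the volume check the TIP recommends: run the rule against Write to File first, and only then attach the e-mail or syslog action.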