The purpose of Identity Manager auditing is to record who did what to which Identity Manager objects, and when did they do it.
Audit events are handled by one or more publishers. By default, Identity Manager records audit events in the repository using the repository publisher. Filtering, with the help of audit groups, allows the administrator to select a subset of audit events for recording. Each publisher can be assigned one or more audit groups that are enabled initially.
For information about monitoring and managing user violations, see Chapter 13, Identity Auditing: Basic Concepts