The JMX audit log publisher publishes audit events so that a JMX (Java Management Extensions) client can monitor Identity Manager audit log activity.
Java Management Extensions (JMX) is a Java technology that allows for managing and/or monitoring applications, system objects, devices, and service oriented networks. The managed/monitored entity is represented by objects called MBeans (for Managed Bean).
Identity Manager’s JMX audit log publisher monitors the audit log for events. When an event is detected, the JMX publisher wraps the audit event record with an MBean, and also updates a temporary history (which is kept in memory). For each event, a separate small notification is sent to the JMX client. If the event is of interest, the JMX client can query the MBean wrapping the audit event for additional information.
See the com.waveset.object.AuditEvent Javadoc for information about audit event records. The Javadoc is available in the REF kit, which is discussed in Developing Custom Audit Publishers.
To retrieve information from the correct MBean, a history sequence number is required. This number is included in the event notification.
Each event notification includes the following information:
Type. A string describing the type of event. The string follows the format AuditEvent.<ObjectType>.<Action> where ObjectType and Action are returned from com.waveset.AuditEvent. For example, if an unlock event is sent, the type would be AuditEvent.LighthouseAccount.Unlock.
SequenceNumber. The history buffer key used to query information from the MBean.
To enable the JMX publisher type, follow the steps in To Enable Custom Audit Publishers and select JMX from the New Publisher drop-down menu.
To configure the JMX publisher type, complete the Configure New Audit Publisher form. If you have questions about the form, refer to the i-Helps and online Help.
Publisher Name. Type a unique name for the JMX audit event publisher.
History Limit. Change the default value as needed to specify the number of event items that the publish should retain in memory. (Default is 100.)
Click Test to verify that the Publisher Name is acceptable.
Click OK. The Configure New Audit Publisher form closes.
Important! Click Save.
Use a JMX client to view the JMX publisher. JConsole, which is included in the JDK 1.5, was used to create the following screen captures.
If using JConsole, choose attach to process to view the IDM:type=AuditLog MBean. For information on configuring JConsole for use as a JMX client, see Viewing JMX Data in Sun Identity Manager 8.1 System Administrator’s Guide.
In JConsole, click the Notifications tab to view audit events. Note the sequence number in the notification. A sequence number is required when querying the MBean for additional information.
In JConsole, click the Operations tab. Use the sequence number in the notification to query the MBean for event details. Each of the operations are prefixed with ’get’ and the only parameter is the ’sequence’ number.
The MBean is virtually a one-to-one mapping to the com.waveset.object.AuditEvent class. Table 10–19 provides a description for each attribute/operation that the MBean provides.
Table 10–19 MBeanInfo Attribute/Operation Descriptions
Attribute / Operation |
Description |
---|---|
AccountAttributesBlob |
The list of changed attributes |
AccountId |
AccountId associated with the event |
Action |
Action taken during the event |
AuditableAttributes |
The Auditable attributes |
ErrorString |
Any error string |
Interface |
The Audit interface |
MemberObjectGroupRefs |
The member object group references |
ObjectName |
The object name |
ObjectType |
The object type |
OverflowAttributes |
All the overflow attributes |
Parameters |
All the parameters |
Reason |
The reason for the event |
ResourceName |
Resource associated with the event |
RoleName |
Role associated with the event |
SubjectName |
User or service associated with the event |
Server |
Name of the server from which the event fired |
Status |
Status of the audit event |
Timestamp |
Date/Time of the audit event |
In JConsole, click the Attributes tab. Attributes are prefixed with Current to indicate that the attribute contains the most recent audit event sent to the system.