cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Custom auditing with IdentityIQ

Custom auditing with IdentityIQ

 

Introduction

If you want add custom auditing to your workflow, rules, etc, it's as easy as (1), (2), (3).

 

Setup a new AuditAction

1. Setup a new AuditAction in the AuditConfig object

 

From the debug page, add the following to the AuditConfig object:

 

<AuditAction displayName="Custom New Audit Event for Chris" enabled="true" name="didsomething"/>

 

Call the audit functions

2. Call the audit functions from beanshell in a rule, task or workflow step as needed

 

The signature for the logAs function is:

 

static public boolean logAs(String actor, String action, String target,

                                String arg1, String arg2, String arg3,

                                String arg4) {

 

 

import sailpoint.server.Auditor;

 

 

            Auditor.logAs("source", "didsomething", "target","string1", "string2", "string3", "string4");       

                context.commitTransaction();

 

Alternatively, you can add a check so that you only create a log  entry if the type of event you are interested in logging is turned on in the UI (i.e. that it's enabled)

 

if (Auditor.isEnabled("didsomething")) {

      Auditor.logAs("source", "didsomething", "target","string1", "string2", "string3", "string4");

     context.commitTransaction();

}

 

This will cause the audit event to only be written if you have the "didsomething" audit event turned on in the UI (i.e. enabled).

 

Check your audit event

3. Check to see that your audit event was created successfully:

 

From the debug page or Advanced Analytics, search for Audit events:

 

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE AuditEvent PUBLIC "sailpoint.dtd" "sailpoint.dtd">

<AuditEvent action="didsomething" source="source" target="target">

  <String1>string1</String1>

  <String2>string2</String2>

  <String3>string3</String3>

  <String4>string4</String4>

</AuditEvent>

 

Of course, you can replace all the actor, target and string 1 through string 4 with your own custom audit information.

 

The key thing is that the action parameter matches the name of the AuditAction object ("didsomething" in our example.)

Labels (1)
Comments

chris.hajdu

Is there any way by which we can update the log entries once we create them?

Thanks,

Mahesh Thota

Yes, you can always find an object using getObjectByName or getObjectById and then update it. However, this is probably not the right approach. Audit logs should stay constant without being changed. This is the point of an audit log. It's probably better that you look to generate a new audit event that indicates the new state or change that you want to audit.

Which method were you trying? The workflow method option or the API option?

Did you see any errors or warning in your log4j? Was the Audit Action enabled? Did the action name exactly? In both case and spelling.

In the example below, see that  enabled is set to true (or click the checkbox in the UI yourself) and that didsomething is spelled exactly the same in all places. It must match!

<AuditAction displayName="Custom New Audit Event for Chris" enabled="true" name="didsomething"/>

<AuditEvent action="didsomething" source="source" target="target">

  <String1>string1</String1>

  <String2>string2</String2>

  <String3>string3</String3>

  <String4>string4</String4>

</AuditEvent>

if (Auditor.isEnabled("didsomething")) {

      Auditor.logAs("source", "didsomething", "target","string1", "string2", "string3", "string4");

     context.commitTransaction();

}

Hi Chris,

I'm working on implementing a plugin that requires a custom audit event to be initialized. I've gotten that part configured and working properly, my question comes in concerning the method signature of the

Auditor.logAs() method.

Is there any method of the Auditor object that takes in more than just 4 strings? A little context on what I'm working on, I'm trying to iterate through a map of strings and add the strings to an AuditEvent.

I am getting the following error because I am passing more attributes than the logAs function takes in:

method Auditor.logAs(String,String,String,String,String,String) is not applicable

    [javac]       (actual and formal argument lists differ in length)

    [javac]     method Auditor.logAs(String,String,String,String,String,String,String) is not applicable

    [javac]       (actual and formal argument lists differ in length)

Thanks in advance for any insight you may have.

Best,

Robert

Version history
Revision #:
2 of 2
Last update:
‎Jul 25, 2023 06:27 PM
Updated by: