24 Novell Access Manager 3.1 SP1 Administration Console Guide
novdocx (en) 19 February 2010

Error events
Denial of service attacks
Security violations and other events necessary for verifying the correct and expected operation of the identity and access management system.

Audit logging does not track the operational processing of the Access Manager components; that is, the processing and interactions between the Access Manager components required to fulfill a user request. (For this type of logging, see “Configuring Component Logging” in the Novell Access Manager 3.1 SP1 Identity Server Guide.) Audit logs record the results of user and administrator requests and other system events. Although the primary purpose for audit logging is for auditing and compliance, the types of events logged can also be useful for detecting abnormal and error conditions and can be used as a first alert mechanism for system support. You can configure the audit log entries to generate alerts by leveraging the Novell Audit Notification feature. You can select to generate e-mail, syslog, and SNMP notifications.

Access Manager has been assigned the Novell Audit server-alert event code 0x002E0605. The Novell Audit Platform Agent is responsible for packaging and forwarding the audit log entries to the configured Novell Audit server. If the Novell Audit server is not available, the Platform Agent caches log entries until the server is operational and can accept audit log data. The Platform Agent can be configured to forward events to Sentinel rather than Novell Audit. For information on how to do this, see “Specifying the Logging Server and the Console Events” on page 25.
Section 1.7.1, “Configuring Access Manager for Novell Auditing,” on page 24
Section 1.7.2, “Querying Data and Generating Reports in Novell Audit,” on page 27

1.7.1 Configuring Access Manager for Novell Auditing

By default, Access Manager is preconfigured to use the Novell Audit server it installs on the first instance of the Administration Console. If you install more than one instance of the Administration Console for failover, Novell Audit is installed with each instance. However, if you already use Novell Audit, you can continue using your existing installation with Access Manager. You need to configure Access Manager to use your audit server. You’ll also need to register the Access Manager with your audit servers by importing the nids_en.lsc and sslvpn_en.lsc files.

Novell Access Manager allows you to specify only one Novell Audit server. You still have failover if the audit server goes down. The auditing clients on the Novell Access Manager components go into caching mode when the audit server is not available. They save all events until the entries can be sent to the audit server.

This section includes the following topics:

“Specifying the Logging Server and the Console Events” on page 25
“Configuring the Platform Agent” on page 26
“Configuring the Devices for Auditing” on page 27