Juniper Networks :: Technical Documentation :: Configuring an Enterprise Service Portal Audit Plug-In

View PDF: Configuring an Enterprise Service Portal Audit Plug-In

Configuring an Enterprise Service Portal Audit Plug-In

The SRC software provides a sample event listener, DefaultAuditEventListener. You can use the sample listener, customize it, or use the information in the sample to create another audit plug-in. The sample event listener and its documentation is in the SDK+AppSupport+Demos+Samples.tar.gz file on the Juniper Networks Web site at: https://www.juniper.net/support/csc/swdist-erx/src.html You can locate the application in the directory /SDX/doc/ent/plugindoc/net/juniper/smgt/ent/plugin. The sample listener sends output to a log file. The documentation for the plug-in is also in the SDK+AppSupport+Demos+Samples.tar.gz file in the folder /SDX/doc/ent/plugindoc. You can also find the documentation on the Juniper Networks Web site athttp://www.juniper.net/techpubs/software/management/src/api-index.html.

If you create an audit plug-in, you add the plug-in class to the WAR file for the enterprise service portal.

Table 1 shows the common information that is provided by every enterprise service portal audit plug-in event.

Table 1: Common Audit Plug-In Information

Information	Description
Manager DN	Distinguished name that identifies the manager's profile in the directory; for example: cn=unimgr, enterprisename=jnpr, ou=local, retailername=default, o=users, o=umc
Manager principle	Manager's fully qualified log-in principle for logging in to the enterprise portal. For example, the equivalent principle for the Manager DN above is: unimgr@jnpr/local.default
Operation time	Time when the corresponding operation was successfully completed.

Information

Description

Manager DN

Distinguished name that identifies the manager's profile in the directory; for example:

cn=unimgr, enterprisename=jnpr, ou=local, retailername=default, o=users, o=umc

Manager principle

Manager's fully qualified log-in principle for logging in to the enterprise portal. For example, the equivalent principle for the Manager DN above is: unimgr@jnpr/local.default

Operation time

Time when the corresponding operation was successfully completed.

Table 2 describes the events that an audit plug-in listener can listen for and the information reported in those events.

Table 2: Events Reportable to the Audit Plug-In

Event	IT Manager Action That Initiates Event	Information Reported
ManagerLoginEvent	Logs in to an enterprise service portal.	Common information only.
ManagerLogoutEvent	Logs out of an enterprise service portal.	Common information only.
SubscribeAuditEvent	Subscribes to a service.	Common information plus: DN of the new subscription object in the directory. Attributes of the new subscription, including sspState, sspAction, and parameterSubstitution.
UnsubscribeAuditEvent	Unsubscribes from a service.	Common information plus: DN of the subscription object removed from the directory. Attributes of the removed subscription, including sspState, sspAction, and parameterSubstitution.
SubscriberUpdateAuditEvent	Changes the parameterSubstitution attribute of a subscriber object, such as adding or removing a substitution from the IT manager's enterprise object.	Common information plus: DN of the subscriber object that is changed. Attributes changed in the operation, including the old values and new values of the attributes.
SubscriptionUpdateAuditEvent	Changes the parameterSubstitution attribute of a subscription object; suspends, resumes, activates, or deactivates a subscription.	Common information plus: DN of the subscription object that is changed. Old and new values of the changed attributes: parameterSubstitution attribute when subscriber object is changed. sspState attribute when subscription is suspended or resumed. sspAction attribute when subscription is activated or deactivated.
ServiceOpStateAuditEvent	Changes the operational state of a session. NOTE: Because changing the operational state of the session—such as dynamically activating or deactivating a subscription session—does not change the directory entry, the change is not persistent, and the subscription session returns to its administrative state after the subscriber's interface is restarted. Changes to the administrative state of a subscription are reported with the SubscriptionUpdateAuditEvent.	Common information plus: DN of the subscriber that owns the subscription session. The subscriber must be a leaf in the subscriber tree in the enterprise scenario. DN of the subscription object where the subscription session comes from. Operational state of the session after the IT manager's action.
ExportAuditEvent	Exports a VPN.	Common information plus: DN of VPN that is exported. DN of the subscriber to which the VPN is exported.
UnexportAuditEvent	Cancels the export of a VPN.	Common information plus: DN of VPN for which export is canceled. DN of the subscriber for which export of the VPN was canceled.