Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring an Enterprise Service Portal Audit Plug-In

    The SRC software provides a sample event listener, DefaultAuditEventListener. You can use the sample listener, customize it, or use the information in the sample to create another audit plug-in. The sample event listener and its documentation is in the SDK+AppSupport+Demos+Samples.tar.gz file on the Juniper Networks website at: https://www.juniper.net/support/products/src/index.html#sw. You can locate the application in the directory /SDX/doc/ent/plugindoc/net/juniper/smgt/ent/plugin. The sample listener sends output to a log file. The documentation for the plug-in is also in the SDK+AppSupport+Demos+Samples.tar.gz file in the folder /SDX/doc/ent/plugindoc. You can also find the documentation on the Juniper Networks website at https://www.juniper.net/techpubs/software/management/src/api-index.html.

    If you create an audit plug-in, you add the plug-in class to the WAR file for the enterprise service portal.

    Table 1 shows the common information that is provided by every enterprise service portal audit plug-in event.

    Table 1: Common Audit Plug-In Information

    Information

    Description

    Manager DN

    Distinguished name that identifies the manager's profile in the directory; for example:

      cn=unimgr, enterprisename=jnpr, ou=local, retailername=default, o=users, o=umc

    Manager principle

    Manager's fully qualified log-in principle for logging in to the enterprise portal. For example, the equivalent principle for the Manager DN above is: unimgr@jnpr.local/default

    Operation time

    Time when the corresponding operation was successfully completed.

    Table 2 describes the events that an audit plug-in listener can listen for and the information reported in those events.

    Table 2: Events Reportable to the Audit Plug-In

    Event

    IT Manager Action That Initiates Event

    Information Reported

    ManagerLoginEvent

    Logs in to an enterprise service portal.

    Common information only.

    ManagerLogoutEvent

    Logs out of an enterprise service portal.

    Common information only.

    SubscribeAuditEvent

    Subscribes to a service.

    Common information plus:

    • DN of the new subscription object in the directory.
    • Attributes of the new subscription, including sspState, sspAction, and parameterSubstitution.

    UnsubscribeAuditEvent

    Unsubscribes from a service.

    Common information plus:

    • DN of the subscription object removed from the directory.
    • Attributes of the removed subscription, including sspState, sspAction, and parameterSubstitution.

    SubscriberUpdateAuditEvent

    Changes the parameterSubstitution attribute of a subscriber object, such as adding or removing a substitution from the IT manager's enterprise object.

    Common information plus:

    • DN of the subscriber object that is changed.
    • Attributes changed in the operation, including the old values and new values of the attributes.

    SubscriptionUpdateAuditEvent

    Changes the parameterSubstitution attribute of a subscription object; suspends, resumes, activates, or deactivates a subscription.

    Common information plus:

    • DN of the subscription object that is changed.
    • Old and new values of the changed attributes:
    • parameterSubstitution attribute when subscriber object is changed.
    • sspState attribute when subscription is suspended or resumed.
    • sspAction attribute when subscription is activated or deactivated.

    ServiceOpStateAuditEvent

    Changes the operational state of a session.

    Note: Because changing the operational state of the session—such as dynamically activating or deactivating a subscription session—does not change the directory entry, the change is not persistent, and the subscription session returns to its administrative state after the subscriber's interface is restarted. Changes to the administrative state of a subscription are reported with the SubscriptionUpdateAuditEvent.

    Common information plus:

    • DN of the subscriber that owns the subscription session. The subscriber must be a leaf in the subscriber tree in the enterprise scenario.
    • DN of the subscription object where the subscription session comes from.
    • Operational state of the session after the IT manager's action.

    ExportAuditEvent

    Exports a VPN.

    Common information plus:

    • DN of VPN that is exported.
    • DN of the subscriber to which the VPN is exported.

    UnexportAuditEvent

    Cancels the export of a VPN.

    Common information plus:

    • DN of VPN for which export is canceled.
    • DN of the subscriber for which export of the VPN was canceled.

    Modified: 2016-05-27