<?xml version="1.0" encoding="UTF-8"?>

<chapter xml:id='chap-auditing'

xmlns='http://docbook.org/ns/docbook'

version='5.0' xml:lang='en'

xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'

xsi:schemaLocation='http://docbook.org/ns/docbook http://docbook.org/xml/5.0/xsd/docbook.xsd'

xmlns:xlink='http://www.w3.org/1999/xlink'

xmlns:xinclude='http://www.w3.org/2001/XInclude'>

<title>Auditing</title>

<para>This chapter presents best practices to keep in mind when integrating and extending OpenIDM services in your organization.</para>

<sect1>

<title>Introduction</title>

<para>The auditing facility can publish and log all relevant system activity to the desired targets. This includes the data from reconciliation as a basis for reporting, as well as detailed activity logs to capture operations on the internal (managed) and external (system) objects.</para>

</sect1>

<sect1>

<title>Log Types</title>

<itemizedlist>

<listitem>

<para>Activity log</para>

<para>Logs operations on the internal (managed) and external (system) objects.</para>

</listitem>

<listitem>

<para>Reconciliation log</para>

<para>Logs the results of a reconciliation run, including the assessed situation, and the action taken as a result. Details of the action can be queried from the activity log, where the log entry will display a parent activity id of recon/[reconid].</para>

</listitem>

</itemizedlist>

</sect1>

<sect1>

<title>Related Activities, Transactions</title>

<para>Where an action is done in the context of a higher level business function, such as an object update as a result of synchronization for a given object mapping, the log entry will point to a parent activity to give that context. These relationships are hierarchical, for example this synchronization could have been a result of a scheduled reconciliation for an object type. As a convenience aside from the parent activity, the top level root activity is logged with each entry to quickly query all related activities.</para>

</sect1>

</chapter>