Completed

FIM Event Broker-driven monitoring of FIM environments

Bob Bradley 5 years ago • updated by anonymous 3 years ago

I have been trialing the use of Windows Event Log subscription emails as per my post here. Lately @ CSODBB these have proven very useful in early detection of issues such as unexpected 3rd party Identity Broker connector outages, or unexpected AD activity (scripted updates of AD accounts causing unexpected sync load). I mentioned this to Shane Day and he suggested I put in a feature request, so here it is.

I envisage an extension to Event Broker in several independent/complementary ways:

  1. New change detection feature for Windows Event logs (potentially subscriber-push notifications) - these would complement the existing file changes detection for monitoring FIM and related logging;
  2. Enhanced file logging to allow the specification of filtering in the log file in a similar way to what is possible with Event Logs - idea is that you may want to subscribe to only certain entry types in a file log (note that for Identity Broker this would be achievable already by specifying a Windows event logger instead, but other services that write file logs may not have this option);
  3. an SMTP email operation (yes you can do this in PowerShell now, but with some thought you could use a wizard to automate the creation of a PowerShell plugin with use of Cmdlets to provide basic parameter-driven email notifications);
  4. enhanced log reading capabilities to improve searches;
  5. enhanced log presentation capabilities (UI) to map occurrences of specified event filters over time for a range of log files (including Event Broker's own log files).

All of the above require more thought, but I'm really thinking of how to create something to improve the quality of our own UNIFY health checks, initially by providing an enhanced, more responsive service, but secondly improving the product's own capabilities to attract the market that was once there for NetPro's (now Quest's possibly defunct) Mission Control for ILM.


quest_missioncontrol_datasheet.pdf

One of many FIM Forum posts on the subject of a "scheduler for ILM", where the Mission Control product gets a mention.

Hi Bob Bradley, is the first item still something that makes sense and would be useful? If so, are you able to expand on that point a bit?

The other points I agree with completely, and they will be addressed when we improve logging as a whole.

Thanks.

Adam van Vliet - I don't have a specific use case for this right now, no. At the time of this post I was considering using Event Broker to send SMTP notifications. Not sure I was thinking of trying to run any sync activities ...

I think this thought was mainly about a discovery of the capability, rather than a specific application of the idea.

That said, there have been several scenarios that cropped up in the past 10 years (especially with the Security logs on AD domain controllers) which have suggested that they could be valuable event sources, and with so many applications logging info to various event logs these days I am sure that we could come up with something.

Perhaps park it for now and we could post the question on Yammer to see if anyone has any use for this now.

Thanks Bob Bradley, migrated to Visual Studio Online to preserve.

Migrated to Visual Studio Online.