How does FIM logging work? Can it use syslog? We are looking at integrating the FIM logs with LogLogic.

FIM logs to several places: Application event log Forefront Identity Manager event log Sync and Service Service can log to a trace file (debugging purposes) Portal logs information regarding requests in it's DB What information are you looking to log? Information regarding the execution/status of run profiles? or requests in the portal? A bit more info would be convenient. http://setspn.blogspot.com

I am interested in security related logging, not debugging. Logging of access and changes made to FIM sync and service settings, of changes to data content through the portal as well as the sync service. Thank you.

Greon, Did you have a look at the Requests page? That's where the FIM service is keeping track of the changes made to the system. Cheers, PaoloPaolo Tedesco - http://cern.ch/idm

I am trying to estimate various costs related to integrating FIM in our environment. I am trying to understand what would it take to integrate FIM logs with LogLogic. Whether FIM can use syslog standard. Thank you.

Logging isn't simple. Create, Delete and Modify operations are all logged as Request resources within the database. These provide an audit trail when consumed and managed correctly. Reading is different. Read and Enumerate requests aren't logged in the request log. Permissions are assessed and access granted accordingly. Therefore you must log access to the site itself, which is a function of WSS/IIS/Windows, i.e. security auditing and the IIS logging. Whether or not WSS has additional or alternative options I don't know. There's no direct OOB options for intergrating the Requests with anything. If you want to collate the Request resources elsewhere you're going to need to write some WCF code.

"Logging isn't simple. Create, Delete and Modify operations are all logged as Request resources within the database. These provide an audit trail when consumed and managed correctly." Can you tell me where this logs information is stored and how I can access it via a program or script? Are they store in a SQL DB?

I'm not 100% sure about the required permissions, but suppose you are an Administrator within the portal. You can find this information below the "requests" section. You should be able to follow up on pretty much everything wich happens in the portal. Is this information stored in a SQL DB... Well ofcourse. Can you connect directly to those related tables. I don't think so. My best guess would be to explore the possibilities of Technet: Export-FIMConfig I'm not sure you can access logged requests using that way though.http://setspn.blogspot.com