208 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
6.1.4 XML output of native audit events
When using native Tivoli Access Manager auditing, audit events are captured in
the audit trail in a standard format using the Extensible Markup Language (XML)
elements. XML is only an intermediary step to delivering a presentation view of
the data. The XML file is in ASCII format and can be read directly or passed to
other external parsing engines for further analysis.
An entire audit trail does not represent a single XML document. Each audit event
within the file is written as an isolated XML data block. Each data block conforms
to the rules of standard XML syntax.
6.2 Common Auditing and Reporting Service
Access Manager can be configured to send audit data to existing file-based audit
subsystem, the Common Auditing and Reporting Service (CARS), or both. The
Common Auditing and Reporting Service subsystem transports and stores audit
events to a common audit database that can be used to support operational
reports from Crystal Enterprise or any other reporting tool. Common Auditing and
Reporting Service also provides the capability to stage audit data to
customizable report tables.
6.2.1 Audit infrastructure
An audit infrastructure provides the mechanisms to submit, centrally collect, and
persistently store and report on audit data, and it satisfies the previously
mentioned requirements to manage audit data. The IBM Tivoli Common Auditing
and Reporting Service component leverages the
Common Base Event and the
technologies to provide an audit infrastructure.
The Common Base Event is a common format for events proposed by IBM and
submitted to the Organization for the Advancement of Structured Information
Standards (OASIS) for standardization. (For more information on OASIS, see
The purpose of the Common Base Event is to facilitate effective
intercommunication among disparate components within an enterprise. In order
to effectively process audit data, it needs to be in a standard format, and the
Common Auditing and Reporting Service component requires the audit data to
be in the Common Base Event format.
The Common Event Infrastructure (CEI) is an IBM strategic event infrastructure
for submission, persistent storage, query, and subscription of Common Base
Events. The Common Auditing and Reporting Service component uses the CEI