I always install the platform agent and the instrumentation on each
eDirectory server, select "do not send replicated events" in iManager
and everything works fine.

But that also means that somebody has to maintain the platform agent and
the instrumentation package on each server when upgrading for example.

If one would just configure one (1) eDirectory server to audit all
events to Sentinel by deselecting the "do not send replicated events"
checkbox, instead of auditing individual servers, what kind of problems
would one get?

For example, changes to objects and attributes would probably be OK
since they are replicated?

But who would be perpetrator in those events? The actual account that
performed the event or the server?

What happens to NCP and LDAP login events that happen on other servers?
I assume nothing?

Basically I'm trying to convince myself that the way I do it now is the
correct way... Opinions?