Quote Originally Posted by aortiz1 View Post
Hi, i have two main questions,

Identity Manager 4.7.2

1) In one test environment i have Sentinel 8.2 with Universal CEF Collector 2011.1r2 and eDirectory Collector 2011.1r10, All my eDirectory events are recieved and parsed through eDirectory Collector and not Universal CEF Collector while Identity Manager and User Application log pretty easily with the Universal CEF Collector. Why does Sentinel still parses eDirectory events through eDirectory Collector?

2) In the client's environment we have Sentinel 8.1 and no way of knowing the versions of the collectors but i see that eDirectory events are not being parsed correctly.
Is there a way to solve this situation? can i get eDirectory events to be parsed through Universal CEF Collector?

Thank you so much in advance
IDM 4.7.2 made improvements to CEF for the main IDM Engine and UserApp components to support full ArcSight CEF certification. I don't know all the specifics as to why eDirectory was not considered in that scope, but one of the main side effects of improving the data mappings to achieve that certification was the elimination of a lot of complexity in the event structure that made it necessary to have a dedicated driver for that product.

To answer (2) - The answer is that it's probably 50/50 if the Universal CEF collector would be beneficial without the eDirectory product taking the time to review their CEF events and ensuring the mapping and usage is at least at the standards used by Arcsight, if not also certified. the Identity Manager team maintains the collectors for both IDM and eDirectory, so escalating through your support path should enable you to get those parsing issues addressed one way or another. If you find using the Universal CEF collector beneficial in terms of reducing the number of collectors you manage, I would also recommend you provide that feedback separately as well.