Novell Audit, Now and in the Future
Novell Cool Solutions: Feature
Digg This -
Posted: 22 Nov 2004
Here's a look at the features and capabilities of Novell Audit, both today and in the near future. For the complete BrainShare presentation (IO162), click here.
Current Customer Challenges
- Logging - Organizations are still struggling to effectively centralize logs across the organization at all levels. The disparity of systems in use (desktop OS, server OS, business applications, etc.) makes it difficult to provide effective coverage. Log collection is non-uniform and unsecured.
- Auditing - Due to unsecured, non-uniform, disparity of system coverage and the ability to correlate and simplify event data, identifying risks and demonstrating policy compliance is a challenge.
- Notification and Real-Time Monitoring - Event notification and alerts are time-consuming to create and maintain due to disparate and diverse systems.
- Reports - Effective normalization, correlation and writing of reports writing is difficult to implement.
Novell Audit vs. Other Logging Systems
Novell Audit offers integration with Novell products. As Novell's official audit product, Novell Audit collects events from the broadest set of Novell products (and the list is growing).
Data integrity and security are well-supported. Event signing and event chaining protect the integrity of logged data, making it forensically robust (non-repudiative).
Policy enforcement means that unauthorized changes to eDirectory values are detected and reset to appropriate values, as specified by company policy.
Notifications are supported. Administrators can be notified in real-time through a variety of methods if suspicious activity occurs or if logging applications go down.
Real-time system monitoring tools are available. Administrators can build easy-to-read, dynamic dashboards with monitoring applications or Web services. Reporting and analysis tools include pre-written Crystal reports, an SQL queries wizard, iManager plug-ins, and LETrans.
Universal Auditing Infrastructure
Novell Audit Today
An instrumented system is a physical computer where one or more applications are generating and sending log events to the logging server, although they never receive events. Instrumented systems can have one or more IP addresses and one or more processors.
A secure logging server is the central server where all log events are collected and acted upon.
Novell Audit Supported Platforms
Note: Platforms marked by asterisks will be supported in a future release.
|Platform Agent||Secure Logging Server||Monitoring App|
|Windows 2000 SP3||Windows 2000, SP3||Windows 2000 SP3|
|Windows 2003 Server||Windows 2003||Windows XP|
|Windows XP||Windows XP||.|
|NetWare 4.2||NetWare 5.1|
|NetWare 5.1||NetWare 6, SP2|
|NetWare 6.0||NetWare 6.5||.|
|NetWare 6.5||Solaris 8, 9|
|RH Linux 7.3||Red Hat 7.3|
|RH Linux 8||Red Hat 8.0||.|
|RH Ent. Linux AS8||Red Hat Enterprise Linux AS8||.|
|*RH Ent. Linux (v3) WS, ES, AS||*Red Hat Enterprise Linux (v3) WS, ES, AS|
|SUSE Linux 8.1|
|*SUSE Linux 8.2|
|*SUSE Linux 9|
Novell Audit Agent Instrumentations
|Server OS||Desktop OS||Applications|
|Novell NetWare 4.2||*MS Windows 2000 Professional||Novell DS 6, 7, 8|
|Novell NetWare 5.x||*MS Windows XP Professional||Novell eDirectory 8.x|
|Novell NetWare 6.x||*SUSE Linux Pro 9||Novell iChain 2.2 SP2|
|*MS Windows Server 2003||*SUSE Linux Pro 8.2||Novell DirXML 2.0|
|*SUSE Linux 8.1||*RedHat Entperise Linux v3 WS||Novell BorderManager 3.8|
|*SUSE Linux 9||*Novell SecureLogin|
|*Redhat Enterprise Linux v3||*Novell GroupWise|
|*Solaris 8||*Novell ZENworks|
|*Solaris 9||*Microsoft Active Directory|
|*Microsoft SQL Server|
|*Microsoft Exchange Server|
|*Microsoft IIS Server|
|*Microsoft ISA Server|
|*Lotus Notes/Domino Server|
|*75+ different web, proxy and email servers, firewall, routers and caching engines|
Novell Audit Tomorrow
Here are some of the key elements of Novell Audit going forward:
- Centralized configuration, management and deployment
- Dramatic addition of new instrumented systems
- Policy-based management of platform agents
- Multi-tiered event filtering
- Event pattern recognition with increased alert and notification channels
- Management console plug-ins
- Enhanced reporting capabilities
- Instrumented System Category Groups - Some instrumentations will aggregate existing logs while other will maintain close integration.
- Secure Filtering Server (SFS) - Edge and mid-point deployable servers to enforce event filtering policies to enable event roll-up to logging servers.
- Secure Logging Server (SLS) - The central server where all log events are collected.
High-Level Feature Comparison
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com