Novell Home

Logging from Other Servers

Novell Cool Solutions: Tip
By Jason Doering

Rate This Page

Reader Rating  stars  from 1 ratings

Digg This - Slashdot This

Posted: 22 Nov 2004 		 

Here are some timely tips for Novell Audit from one of our Forum experts, Jason Doering. The topic: logging from additional servers.

We are having a problem: Only the logging server can log. We have aduitds and auditnw loaded on the other servers and we went through the napauditconfig. Any help ... would help.

Log Settings

Make sure you have edited the SYS:etc\logevent.cfg file on the other servers. The IP address of the logging server needs to be entered in the logevent.cfg file on each of the other servers.

You should also adjust the other settings as needed. One recommendation I ran across is to reduce the reconnect interval from 600 (10 minutes) to 60 (1 minute). The audit agent needs to be restarted to re-read the file. As an example, here is what I use:

LogHost=10.x.x.1
LogCacheDir=SYS:ETC\logcache
LogCacheSecure=Y
LogSigned=Always
LogReconnectInterval=60

Note that the signing will only work correctly if you have the full license and have created your application certificates. Read the documentation chapter on Security and Non-Repudiation for certificate instructions.

Platform Agent Configuration

If you get either of the following errors, it means your platform agent can't reach the SLS (Secure Logging Server) engine:

"Novell Audit Platform Agent: Failing primary connection for application NetwareInst."

"Novell Audit Platform Agent: Failing primary connection for application eDirinst."

Your configuration should look like this:

Name SLSSRV1 OtherSrv1 OtherSrv2 OtherSrvX
Server IP 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.x
logevent.cfg 127.0.0.1 10.0.0.2 10.0.0.2 10.0.0.2

The SLS server is at IP 10.0.0.2. Its logevent.cfg points to itself. The first other server is at IP 10.0.0.3. Its logevent.cfg has the IP of the SLS server. Any other servers have their own IP addresses, and all logevent.cfg files point to the SLS server.

Other Troubleshooting Steps

  • Be sure to run auditstp.ncf and auditagt.ncf after changing the logevent.cfg file or changing the logging options. These settings are only read when the platform agent and application components load.
  • Make sure the other servers can ping the SLS server.
  • Make sure the NSure modules are the same version across every server. Especially check any 6.5 servers, as SP2 will overwrite the modules with 1.0.1 versions if Novell Audit 1.0.2 is installed before SP2. 1.0.1 and 1.0.2 logs are in a much different schema. I found this out the hard way after I applied NW65SP2 to my SLS server and MySQL became very upset about the different schema.

Reader Comments

  • This page is incorrect. It state that the only reason one should be getting the errors listed are if the agent cant reach the SLS. I get those errors while using the loopback (127.0.0.1) so obviously something else is causing the errors. Or, the agents are unable to connect while on the same box.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

Novell® Making IT Work As One

© 2008 Novell, Inc. All Rights Reserved.