Logging from Other Servers
Novell Cool Solutions: Tip
By Jason Doering
Digg This -
Posted: 22 Nov 2004
Here are some timely tips for Novell Audit from one of our Forum experts, Jason Doering. The topic: logging from additional servers.
We are having a problem: Only the logging server can log. We have aduitds and auditnw loaded on the other servers and we went through the napauditconfig. Any help ... would help.
Make sure you have edited the SYS:etc\logevent.cfg file on the other servers. The IP address of the logging server needs to be entered in the logevent.cfg file on each of the other servers.
You should also adjust the other settings as needed. One recommendation I ran across is to reduce the reconnect interval from 600 (10 minutes) to 60 (1 minute). The audit agent needs to be restarted to re-read the file. As an example, here is what I use:
LogHost=10.x.x.1 LogCacheDir=SYS:ETC\logcache LogCacheSecure=Y LogSigned=Always LogReconnectInterval=60
Note that the signing will only work correctly if you have the full license and have created your application certificates. Read the documentation chapter on Security and Non-Repudiation for certificate instructions.
Platform Agent Configuration
If you get either of the following errors, it means your platform agent can't reach the SLS (Secure Logging Server) engine:
"Novell Audit Platform Agent: Failing primary connection for application NetwareInst."
"Novell Audit Platform Agent: Failing primary connection for application eDirinst."
Your configuration should look like this:
The SLS server is at IP 10.0.0.2. Its logevent.cfg points to itself. The first other server is at IP 10.0.0.3. Its logevent.cfg has the IP of the SLS server. Any other servers have their own IP addresses, and all logevent.cfg files point to the SLS server.
Other Troubleshooting Steps
- Be sure to run auditstp.ncf and auditagt.ncf after changing the logevent.cfg file or changing the logging options. These settings are only read when the platform agent and application components load.
- Make sure the other servers can ping the SLS server.
- Make sure the NSure modules are the same version across every server. Especially check any 6.5 servers, as SP2 will overwrite the modules with 1.0.1 versions if Novell Audit 1.0.2 is installed before SP2. 1.0.1 and 1.0.2 logs are in a much different schema. I found this out the hard way after I applied NW65SP2 to my SLS server and MySQL became very upset about the different schema.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com