The Platform Agent, logevent, is the client portion of the Novell® auditing system. It receives logging information and system requests from Identity Manager and transmits the information to either Novell Audit or Novell® Sentinel™.
The Platform Agent is automatically installed if either the Novell Identity Manager 3.5.1 Installation Guide.
or option is selected during the Identity Manager install. For more information on the Identity Manager installation, see theIMPORTANT:The Platform Agent must be installed on every server running Identity Manager if you want to log Identity Manager events.
Figure 3-1 Identity Manager Installation
After you install Identity Manager, you can configure the Platform Agent. The Platform Agent’s configuration settings are stored in a simple, text-based configuration file, logevent. By default, logevent is located in the following directories:
Table 3-1 Platform Agent Configuration File
Operating System |
File |
---|---|
NetWare® |
SYS:/etc/logevent.cfg |
Linux |
/etc/logevent.conf |
Solaris* |
/etc/logevent.conf |
Windows* |
/Windows_Directory/logevent.cfg The Windows_Directory is usually drive:\windows. |
The following is a sample logevent.cfg file.
LogHost=127.0.0.1 LogCacheDir=c:\logcache LogCachePort=288 LogEnginePort=289 LogCacheUnload=no LogReconnectInterval=600 LogDebug=never LogSigned=always
The entries in the logevent file are not case sensitive, entries can appear in any order, empty lines are valid, and any line that starts with a hash (#) is commented out.
The following table provides an explanation of each setting in the logevent file.
IMPORTANT:You must restart the Platform Agent any time you make a change to the configuration.
Table 3-2 logevent Settings
Setting |
Description |
---|---|
LogHost=dns_name |
The host name or IP address of the Novell Audit Secure Logging Server or the Novell Sentinel Audit Server where the Platform Agent sends events. In an environment where the Platform Agent connects to multiple hosts—for example, to provide load balancing or system redundancy—separate the IP address of each server with commas in the LogHost entry. For example, LogHost=192.168.0.1,192.168.0.3,192.168.0.4 The Platform Agent connects to the servers in the order specified. Therefore, if the first logging server goes down, the Platform Agent tries to connect to the second logging server, and so on. For more information on configuring multiple hosts, see |
LogCacheDir=path |
The directory where the Platform Agent stores the cached event information if the Novell Audit Secure Logging Server or Novell Sentinel Audit Server becomes unavailable. |
LogEnginePort=port |
The port at which the Platform Agent can connect to the Novell Audit Secure Logging Server or the Novell Sentinel Audit Server. By default, this is port 289. |
LogCachePort=port |
The port at which the Platform Agent connects to the Logging Cache Module. If the connection between the Platform Agent and the Secure Logging Server or Novell Sentinel Audit Server fails, Identity Manager continues to log events to the local Platform Agent. The Platform Agent simply switches into Disconnected Cache mode; that is, it begins sending events to the Logging Cache module (lcache). The Logging Cache module writes the events to the Disconnected Mode Cache until the connection is restored. When the connection to the Novell Audit Secure Logging Server or the Novell Sentinel Audit Server is restored, the Logging Cache Module transmits the cache files to the Secure Logging Server. To protect the integrity of the data store, the Secure Logging Server validates the authentication credentials in each cache file before logging its events. |
LogCacheUnload=Y|N |
Set to N to prevent lcache from being unloaded. |
LogCacheSecure=Y|N |
Set the parameter to Y to encrypt the local cache file. |
LogReconnectInterval=seconds |
The interval, in seconds, at which the Platform Agent and the Platform Agent Cache try to reconnect to the Novell Audit Secure Logging Server or Novell Sentinel Audit Server if the connection is lost. |
LogDebug=Never|Always|Server |
The Platform Agent debug setting.
NOTE:The Server option applies only to Novell Audit systems. |
LogSigned=Never|Always|Server |
The signature setting for Platform Agent events. IMPORTANT:Novell Sentinel can receive and map Audit signatures to a Novell Sentinel event field; however, Novell Sentinel does not currently verify event signatures.
NOTE:The Server option applies only to Novell Audit systems. For more information on event signatures, see |
LogMaxBigData=bytes |
The maximum size of the event data field. The default value is 3072 bytes. Set this value to the maximum number of bytes the client allows. Data that exceeds the maximum is truncated or not sent if the application doesn’t allow truncated events to be logged. |
LogMaxCacheSize=bytes |
The maximum size, in bytes, of the Platform Agent cache file. |
LogCacheLimitAction=stop logging|drop cache |
The action that you want the cache module to take when it reaches the maximum cache size limit.
|
For complete information on the Novell Audit Platform Agent, see Configuring the Platform Agent
in the Novell Audit 2.0 Administration Guide.