3.3 Logging to OpenXDAS

To use OpenXDAS for logging events, you must install, configure, then enable OpenXDAS in the User Application.

3.3.1 Using OpenXDAS with Sentinel

To use OpenXDAS with Sentinel, you must configure the netstream logger. The netstream logger is undocumented, but it is required to send XDAS audit messages to a Sentinel server. The netstream logger does not perform any encryption, so the stream needs to be secured in another way (for example, through an SSH tunnel).

You must specify netstream entries in the xdasd.conf file for the loggers, server, and port. For example, on Linux:

xdasd.loggers=/usr/lib(64)/openxdas/libxdm_netstream.so
xdasd.loggers.netstream.server = 151.155.226.50
xdasd.loggers.netstream.port = 1468

On Windows, the server and port entries are the same, but the xdasd.loggers entry points to a different location. For example, on Windows:

xdasd.loggers=c:\Program Files\OpenXDAS\Loggers\xdm_netstream.dll
xdasd.loggers.netstream.server = 151.155.226.50
xdasd.loggers.netstream.port = 1468

NOTE: On Windows, you must move the xdasd.conf file to the c:\windows folder. If you do not, xdasd.exe is unable to locate it.
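
Because the netstream logger sends events unencrypted, it is worth checking where xdasd.conf actually points it. The following shell script is an added example, not part of the product documentation. It assumes the stream is secured by directing netstream to a loopback listener (for example, the local end of an SSH tunnel); the function names conf_get, check_netstream and sample_conf are hypothetical.

```shell
#!/bin/sh
# Added example (not from the product documentation): audit the netstream
# entries in xdasd.conf. Assumption: the stream is protected by pointing
# netstream at a loopback listener such as a local SSH tunnel endpoint.

# Print the last value assigned to key $2 in file $1 ("key = value" lines).
conf_get() {
    awk -v key="$2" '{
        i = index($0, "="); if (i == 0) next
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/^[ \t\r]+|[ \t\r]+$/, "", k); gsub(/^[ \t\r]+|[ \t\r]+$/, "", v)
        if (k == key) val = v
    } END { print val }' "$1"
}

# Returns 0 = local endpoint, 1 = remote cleartext target, 2 = bad/missing entry.
check_netstream() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    logger=$(conf_get "$1" xdasd.loggers)
    server=$(conf_get "$1" xdasd.loggers.netstream.server)
    port=$(conf_get "$1" xdasd.loggers.netstream.port)
    case $logger in
        *netstream*) ;;
        *) echo "xdasd.loggers does not load the netstream logger" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "missing or non-numeric netstream port" >&2; return 2 ;;
    esac
    [ -n "$server" ] || { echo "missing netstream server" >&2; return 2; }
    case $server in
        127.*|localhost|::1)
            echo "OK: netstream -> $server:$port (local endpoint)"; return 0 ;;
        *)
            echo "WARN: netstream -> $server:$port is remote and unencrypted" >&2
            return 1 ;;
    esac
}

# Constructed sample input modelled on the Linux entries above; the server
# address is passed as $1 so the remote and the loopback case can both be tried.
sample_conf() {
    printf '%s\n' \
        'xdasd.loggers=/usr/lib64/openxdas/libxdm_netstream.so' \
        "xdasd.loggers.netstream.server = $1" \
        'xdasd.loggers.netstream.port = 1468'
}

# Stand-alone use: sh check_netstream.sh /path/to/xdasd.conf
[ $# -eq 0 ] || check_netstream "$1"
```

A return code of 1 does not mean the configuration is broken, only that the audit stream leaves the host without encryption unless the network path is protected by some other means.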

3.3.2 Enabling OpenXDAS Logging in the User Application

You can enable OpenXDAS logging in your Identity Manager User Application in two ways:

  • Select OpenXDAS as a logging option during the installation procedure.

  • Enable OpenXDAS logging using the User Application Administration tab (described next).

  1. Log in to the User Application as the User Application Administrator.

  2. Select the Administration tab.

  3. Select the Logging link.

  4. Select the Also send logging messages to OpenXDAS check box (near the bottom of the page).

  5. To save the changes for any subsequent application server restarts, make sure Persist the logging changes is selected.

  6. Click Submit.

    NOTE: To enable logging for Role events, the Role Service driver Generate audit events property must be selected. For more information on this property, see Section 2.9.1, Role Service Driver Configuration.

3.3.3 Troubleshooting

If you enable OpenXDAS logging, but the OpenXDAS daemon is not running, the User Application fails to start. View the xdasd.log to verify that XDAS started successfully or to determine the reason for an unsuccessful start.

If you stop OpenXDAS and restart it, you must also stop and restart the User Application. If you do not restart the User Application, the connection between OpenXDAS and the User Application is lost, so no User Application events are logged.

Table 3-1 Commands for Starting/Stopping the XDASD daemon/service

Action           Command
To start XDAS    xdasd -s
To stop XDAS     xdasd -x