12.7 Configuring Novell Audit

There are three separate tasks to complete in order to configure Novell Audit.

12.7.1 Creating a Channel

  1. Log in to iManager by using the following information:

    • Username: admin.admins.system

    • Password: n0v3ll (or the password you chose)

    • Tree: 172.17.2.117

  2. Select Auditing and Logging > Logging Server Options.

  3. Browse to and select the Metaserver1 Logging Server object in the Logging Services container, then click OK.

    The full context of the object is Metaserver1 Logging Server.Logging Services.

  4. Select the Channels tab, then select Channels container.

  5. Select Channel Actions > New.

  6. Specify the channel name as naudit and the channel type as MySQL Channel, then click OK.

  7. Click the naudit channel object.

  8. Configure the new channel by entering the following information into the fields:

    • Host: 172.17.2.117

      Make sure to use a real IP address here and not localhost. If you enter localhost, the SLS tries to connect through a local socket rather than the IP address, which would require additional configuration steps.

    • Name: naudit

      This is the name you specified in the Audit database.

    • Table: NAUDITLOG

    • User: auditusr

      This is the user you created when setting up the database.

    • Password: n0v3ll

      This is the password you specified when you created the database and granted the user access to it.

    • Create Table Options: Leave this field empty.

    • SQL Expiration Commands: clienttimestamp<(unix_timestamp()-259200);

      This expires records older than 3 days (259200 seconds).

    • Expire at specified time or interval: 00:00

  9. Click OK to save the information.

  10. Select the General tab, then select Configuration.

  11. In the Log Channel field, browse to and select the naudit channel object.

    The full context for the object is naudit.Channels.Logging Services.

  12. Select the Sign Events option, then click OK to save the configuration changes.

  13. Leave iManager open.

  14. Proceed to Section 12.7.2, Configuring the Platform Agent.

12.7.2 Configuring the Platform Agent

  1. To configure the platform agent, select Gnome Terminal from the Computer menu.

  2. Log in as root by entering su, then enter the root password.

  3. Use the following commands to verify whether the Secure Logging Server (SLS) runs before or after the user application and ndsd in run-level 3 during the system start procedure.

    Ultimately, you must ensure that naudit starts after ndsd and userapp.

    NOTE: The first command uses the lowercase letter l twice. It is not the number 11.

    metaserver1:/home/admin # ll /etc/init.d/rc3.d/ |grep naudit
    lrwxrwxrwx 1 root root 10 2008-05-16 16:26 K11novell-naudit -> ../novell-naudit
    lrwxrwxrwx 1 root root 10 2008-05-16 16:26 S11novell-naudit -> ../novell-naudit
    
    metaserver1:/home/admin # ll /etc/init.d/rc3.d/ |grep userapp
    lrwxrwxrwx 1 root root 10 2008-05-16 16:26 K12userapp -> ../userapp
    lrwxrwxrwx 1 root root 10 2008-05-16 16:26 S10userapp -> ../userapp
    
    metaserver1:/home/admin # ll /etc/init.d/rc3.d/ |grep ndsd
    lrwxrwxrwx 1 root root  7 2008-05-16 13:23 K12ndsd -> ../ndsd
    lrwxrwxrwx 1 root root  7 2008-05-16 13:23 S10ndsd -> ../ndsd
    

    Watch the SXX numbers (S11novell-naudit, S10userapp, and S10ndsd) that are prefixed to the script name. They indicate the start order. A higher number means the service is started after a lower number. If the numbers are the same, both services are started at the same time.

    In this case, naudit runs after userapp and ndsd, which is what you want. Enter the following command as a corrective action if the userapp number is the same or lower than the ndsd number:

    metaserver1:/home/admin # mv /etc/init.d/rc3.d/S10novell-naudit  /etc/init.d/rc3.d/S12novell-naudit
    
  4. Verify the startup order for run-level 5 (the same commands as Step 3, but instead of rc3.d, you now use rc5.d):

    metaserver1:/home/admin # ll /etc/init.d/rc5.d/ |grep naudit
    lrwxrwxrwx 1 root root 10 2008-05-16 16:26 K11novell-naudit -> ../novell-naudit
    lrwxrwxrwx 1 root root 10 2008-05-16 16:26 S11novell-naudit -> ../novell-naudit
    
    metaserver1:/home/admin # ll /etc/init.d/rc5.d/ |grep userapp
    lrwxrwxrwx 1 root root 10 2008-05-16 16:26 K12userapp -> ../userapp
    lrwxrwxrwx 1 root root 10 2008-05-16 16:26 S10userapp -> ../userapp
    
    metaserver1:/home/admin # ll /etc/init.d/rc5.d/ |grep ndsd
    lrwxrwxrwx 1 root root  7 2008-05-16 13:23 K12ndsd -> ../ndsd
    lrwxrwxrwx 1 root root  7 2008-05-16 13:23 S10ndsd -> ../ndsd
    

    Enter the following command as a corrective action if the novell-naudit number is the same or lower than the ndsd number:

    metaserver1:/home/admin # mv /etc/init.d/rc5.d/S10novell-naudit  /etc/init.d/rc5.d/S12novell-naudit
    
  5. Enter gedit /etc/logevent.conf to edit the platform agent configuration file.

  6. Change the LogHost parameter from LogHost=Not Configured or 127.0.0.1 to LogHost=172.17.2.117.

  7. Select File > Save to save the changes, then select File > Quit to exit.

  8. Restart your Secure Logging Server by entering /etc/init.d/novell-naudit restart.

  9. Enter exit twice to log out as root and to close the Gnome Terminal.
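
The start-order check from Steps 3 and 4 can be scripted so that it is repeatable after patches or reinstalls. The following is an added example, not part of the Novell documentation; the function names start_prio and check_order are hypothetical, and the demo directory tree is constructed to mirror the listing shown in Step 3.

```shell
#!/bin/sh
# Added example (not from the Novell documentation): check that the
# novell-naudit start link sorts strictly after ndsd and userapp.

# start_prio DIR SERVICE: print the number from SERVICE's SXX start link.
start_prio() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        [ -L "$link" ] || [ -e "$link" ] || continue  # unmatched glob stays literal
        name=${link##*/}          # e.g. "S11novell-naudit"
        prio=${name#S}            # "11novell-naudit"
        prio=${prio%"$2"}         # "11"
        echo "${prio#0}"          # drop a leading zero so 08 compares as 8
        return 0
    done
    return 1
}

# check_order DIR: 0 = order is fine, 1 = naudit starts too early, 2 = link missing.
check_order() {
    naudit=$(start_prio "$1" novell-naudit) || { echo "$1: novell-naudit has no start link"; return 2; }
    rc=0
    for dep in ndsd userapp; do
        dep_prio=$(start_prio "$1" "$dep") || { echo "$1: $dep has no start link"; return 2; }
        if [ "$naudit" -le "$dep_prio" ]; then
            echo "$1: S$naudit novell-naudit does not start after S$dep_prio $dep"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo tree mirroring the listing on this page (S11 naudit, S10 others).
demo=$(mktemp -d)
for rl in rc3.d rc5.d; do
    mkdir "$demo/$rl"
    ln -s ../novell-naudit "$demo/$rl/S11novell-naudit"
    ln -s ../userapp "$demo/$rl/S10userapp"
    ln -s ../ndsd "$demo/$rl/S10ndsd"
    check_order "$demo/$rl" && echo "$rl: start order OK"
done
rm -rf "$demo"
```

On the server itself, run check_order /etc/init.d/rc3.d and check_order /etc/init.d/rc5.d as root; a return status of 1 means the S-number of novell-naudit has to be raised as described in Steps 3 and 4.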

12.7.3 Connecting to the Novell Audit Database

  1. To configure the Audit plug-ins to connect to your naudit database so you can look at the logged events from within iManager, select Auditing and Logging > Query Options, then click New.

  2. Provide the necessary connection information in the fields:

    • Name: Audit Log

      This is how you want this data source to be listed in iManager.

    • JDBC Class: com.mysql.jdbc.Driver

    • JDBC URL: jdbc:mysql://172.17.2.117/naudit

      Make sure to use a real IP address here.

    • Table: NAUDITLOG

    • Username: auditusr

    • Password: n0v3ll

    • Store Password: Select this option if you don't want to enter the password every time you run a query.

      However, by selecting this option you also allow others the ability to run queries. Carefully consider your choice.

  3. Test the database connectivity and make sure there are logged events in the NAUDITLOG table.

    1. Select Auditing and Logging > Queries from the Roles and Tasks list.

    2. Select the check box next to All, then select Run Query to return records from the last Secure Logging Server restart.

  4. Exit iManager.

  5. Proceed to Section 13.0, Removing Temporary Files after Installation.