7.2 Installing and Configuring the Platform Agent

The Platform Agent sends events to the Novell Audit Connector, which allows events from the Role Mapping Administrator to be audited by Sentinel. You must install and configure the Platform Agent for auditing to work.

If either eDirectory™ or Identity Manager is installed on the same server as the Role Mapping Administrator, the Platform Agent might already be installed. Check whether the /etc/logevent.conf file exists. If it does, you do not need to install the Platform Agent, but you might still need to change its configuration.

If you don’t have the Platform Agent installed, proceed to Section 7.2.1, Installing the Platform Agent. If you have the Platform Agent installed, proceed to Section 7.2.2, Configuring the Platform Agent to verify your configuration is correct.

7.2.1 Installing the Platform Agent

  1. Download the Novell Audit 2.0.2 Starter Pack for Linux from the Novell Product Download Web site.

    The file name is Novell_Audit_202_Starter_Linux.tar.gz.

  2. Extract the Novell_Audit_202_Starter_Linux.tar.gz file on the Role Mapping Administrator server.

  3. Log in as root, then run the pinstall.lin file in the /download_directory/Linux directory.

  4. Read through the license agreement by pressing the Spacebar, then enter Y to accept the license agreement.

  5. Enter P to install the Platform Agent.

  6. Press Enter to finish the installation.

  7. Proceed with Section 7.2.2, Configuring the Platform Agent.

7.2.2 Configuring the Platform Agent

After the Platform Agent is installed, you must configure the logevent.conf file. This file contains the configuration settings for the Platform Agent. The file is stored in the /etc directory.

There is a sample logevent.conf file included in the Role Mapping Administrator installation directory. This file can be copied to the /etc directory or merged with an existing file. The sample file contains the minimum parameters. Other parameters that are not included in this file might be required for your environment. Table 7-1 contains a list of all of the settings that can be used in the file.

  1. As root, modify the /etc/logevent.conf file (or copy the sample file from the installation directory) so that it contains at least the following parameters, replacing the host name and installation directory with your own values:

    LogHost=myserver.novell.com
    LogJavaClassPath=/installation_directory/tomcat/naudit/NAuditPA.jar
    LogCachePort=2881
    LogCacheDir=/var/opt/novell/audit/auditcache
    LogMaxBigData=8192

  2. As root, create the /var/opt/novell/audit directory if it does not already exist.

    By default, the Platform Agent writes its cache files to the /var/opt/novell/naudit/cache directory and the nproduct.log file to the /var/opt/novell/naudit directory. The LogCacheDir parameter changes the cache location; with the value shown in Step 1, the cache is created under /var/opt/novell/audit, which is why that directory must exist.

  3. As root, change the ownership of the /var/opt/novell/audit directory to the user that runs the Role Mapping Administrator, so that the unprivileged process can create and write the cache directory. For example:

    chown userid /var/opt/novell/audit

    Because the disconnected-mode cache holds audit events until Sentinel receives them, do not make this directory writable by other users.

  4. Execute the stop.sh script to stop the Role Mapping Administrator. The default location is /installation_directory/idmrmap/stop.sh.

  5. Execute the start.sh script to start the Role Mapping Administrator. The default location is /installation_directory/idmrmap/start.sh.
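The following script is an added example and is not part of the Novell documentation or the Role Mapping Administrator distribution. Run it after Step 3 and before restarting the Role Mapping Administrator: it checks an existing logevent.conf against the requirements this section and Table 7-1 state (the five minimum parameters are present, LogCachePort is above 1024 for a non-root service user, LogJavaClassPath points at NAuditPA.jar, and the parent of LogCacheDir exists and is owned by the service user), and warns when LogCacheSecure is not Y. The argument convention (file path, then service user) and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Pre-flight check for the Platform Agent configuration described in Section 7.2.2.
# Added example, not code from the Novell documentation or the Role Mapping
# Administrator; the argument convention (FILE then service user) is an assumption.
#
# Usage: sh check_logevent.sh /etc/logevent.conf idmrmap

# conf_get FILE KEY: print the value of KEY from a Key=Value file, ignoring
# '#' comment lines and surrounding whitespace. Prints nothing if KEY is absent.
conf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        {
            k = $1
            sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k)
            if (k == key && index($0, "=") > 0) {
                v = substr($0, index($0, "=") + 1)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                print v
                exit
            }
        }' "$1"
}

# dir_owner DIR: print the owning user name of DIR (works with GNU and BSD ls).
dir_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# check_logevent FILE RUNUSER: print one ERROR:/WARN: line per finding.
# Returns 0 when there are no ERROR findings, 1 otherwise.
check_logevent() {
    file=$1
    runuser=$2
    errors=0

    # 1. The five parameters this section calls the minimum configuration.
    for key in LogHost LogJavaClassPath LogCachePort LogCacheDir LogMaxBigData; do
        if [ -z "$(conf_get "$file" "$key")" ]; then
            echo "ERROR: $key is missing from $file"
            errors=$((errors + 1))
        fi
    done

    # 2. LogCachePort must be numeric and, for a non-root service user, above 1024.
    port=$(conf_get "$file" LogCachePort)
    if [ -n "$port" ]; then
        case $port in
            *[!0-9]*)
                echo "ERROR: LogCachePort=$port is not a number"
                errors=$((errors + 1)) ;;
            *)
                if [ "$runuser" != root ] && [ "$port" -le 1024 ]; then
                    echo "ERROR: LogCachePort=$port must be greater than 1024 when running as $runuser"
                    errors=$((errors + 1))
                fi ;;
        esac
    fi

    # 3. LogJavaClassPath must point at the Platform Agent jar shipped with the product.
    jar=$(conf_get "$file" LogJavaClassPath)
    if [ -n "$jar" ]; then
        case $jar in
            */NAuditPA.jar) ;;
            *)
                echo "ERROR: LogJavaClassPath=$jar does not point at NAuditPA.jar"
                errors=$((errors + 1)) ;;
        esac
    fi

    # 4. Steps 2 and 3 of the procedure: the parent of LogCacheDir exists and
    #    is owned by the service user, so the agent can create the cache there.
    cachedir=$(conf_get "$file" LogCacheDir)
    if [ -n "$cachedir" ]; then
        parent=$(dirname "$cachedir")
        if [ ! -d "$parent" ]; then
            echo "ERROR: $parent does not exist; create it and chown it to $runuser"
            errors=$((errors + 1))
        elif [ "$(dir_owner "$parent")" != "$runuser" ]; then
            echo "ERROR: $parent is owned by $(dir_owner "$parent"), not $runuser"
            errors=$((errors + 1))
        fi
    fi

    # 5. Without LogCacheSecure=Y, events held in the disconnected-mode cache sit
    #    on local disk in clear text (reported as a warning, not a failure).
    if [ "$(conf_get "$file" LogCacheSecure)" != Y ]; then
        echo "WARN: LogCacheSecure is not Y; cached events will be stored unencrypted"
    fi

    [ "$errors" -eq 0 ]
}

# Run the check when invoked directly with both arguments.
if [ "$#" -eq 2 ]; then
    check_logevent "$1" "$2"
fi
```

A non-zero exit status means at least one ERROR line was printed; fix those before running start.sh, because a Platform Agent that cannot bind its cache port or write its cache directory silently loses the events it was meant to forward.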

Table 7-1 logevent Settings

Each entry below gives the setting, with the syntax of its value, followed by its description.

LogHost=dns_name

  The hostname or IP address of the Event Source Server where the Platform Agent sends events.

  In an environment where the Platform Agent connects to multiple hosts (for example, to provide system redundancy), separate the address of each server with commas in the LogHost entry. For example:

    LogHost=192.168.0.1,192.168.0.3,192.168.0.4

  The Platform Agent connects to the servers in the order specified. If the first logging server goes down, the Platform Agent tries to connect to the second logging server, and so on.

LogCacheDir=path

  The directory where the Platform Agent stores cached event information if the Event Source Server becomes unavailable.

LogEnginePort=port

  The port on which the Platform Agent connects to the Event Source Server. The default is port 289.

LogCachePort=port

  The port on which the Platform Agent connects to the Logging Cache Module.

  If the connection between the Platform Agent and the Event Source Server fails, the application continues to log events to the local Platform Agent. The Platform Agent switches into Disconnected Cache mode; that is, it begins sending events to the Logging Cache Module (lcache). The Logging Cache Module writes the events to the Disconnected Mode Cache until the connection is restored.

  When the connection to the Event Source Server is restored, the Logging Cache Module transmits the cache files to the Event Source Server. To protect the integrity of the data store, the Event Source Server validates the authentication credentials in each cache file before logging its events.

  When the Platform Agent runs as a non-root user, the value must be greater than 1024.

LogCacheUnload=Y|N

  Set to N to prevent lcache from being unloaded.

LogCacheSecure=Y|N

  Set to Y to encrypt the local cache file. Otherwise, events held in the disconnected-mode cache are stored in clear text on the local disk.

LogReconnectInterval=seconds

  The interval, in seconds, at which the Platform Agent and the Platform Agent Cache try to reconnect to the Event Source Server if the connection is lost.

LogDebug=Never|Always

  The Platform Agent debug setting.

    • Set to Never to never log debug events.

    • Set to Always to always log debug events.

LogSigned=Never|Always

  The signature setting for Platform Agent events.

  IMPORTANT: Sentinel can receive Audit signatures and map them to a Sentinel event field; however, Sentinel does not currently verify event signatures, so signing alone does not give you tamper detection on the Sentinel side.

    • Set to Never to never sign or chain events.

    • Set to Always to always log events with a digital signature and to sequentially chain events.

LogMaxBigData=bytes

  The maximum size of the event data field. The default is 3072 bytes. Set this value to the maximum number of bytes the client allows. Data that exceeds the maximum is truncated, or the event is not sent if the application does not allow truncated events to be logged.

LogMaxCacheSize=bytes

  The maximum size, in bytes, of the Platform Agent cache file.

LogCacheLimitAction=stop logging|drop cache

  The action that the cache module takes when it reaches the maximum cache size limit. Either choice discards audit events once the limit is reached, so size LogMaxCacheSize for the longest Event Source Server outage you expect to ride out.

    • Set to stop logging if you want to stop collecting new events.

    • Set to drop cache if you want to delete the cache and start over with any new events that are generated.

LogJavaClassPath=path

  The location of the NAuditPA.jar (lcache) file. It must be the Platform Agent .jar file included with the Role Mapping Administrator. The default location is:

    /installation_directory/tomcat/naudit/NAuditPA.jar