8.3 Selecting Logged Events

The Novell Audit logging instrumentations allow you to select which events you want to log to your data store. The following sections review how to configure the events for specific logging instrumentations:

8.3.1 Configuring eDirectory Events

The eDirectory Instrumentation for Novell Audit (auditDS) allows Novell Audit to log eDirectory events to the Novell Audit database. The eDirectory Instrumentation can log events from the following versions of the directory:

  • eDirectory 8.7 (NetWare, Windows, Linux, and Solaris)

  • eDirectory 8.8 (NetWare, Windows, Linux, and Solaris)

To log eDirectory events, the eDirectory Instrumentation must be loaded on every server where you want to log eDirectory events. For more information on the eDirectory Instrumentation, see eDirectory Instrumentation in the Novell Audit 2.0 Administration Guide.

After you have installed the eDirectory Instrumentation, you must determine which eDirectory events you want to log to your data store. For a listing of the eDirectory events that can be logged to Novell Audit, see eDirectory Events in the Novell Audit 2.0 Administration Guide.

In previous versions of Nsure™ Audit, the eDirectory events were configured on the NCP Server object. Therefore, administrators were required to configure every NCP Server object where they wanted to log eDirectory events.

Novell Audit 2.0 now allows administrators to create a global filter in the eDirectory Instrumentation object that determines which eDirectory events the Platform Agents send to the Secure Logging Server. However, administrators must still enable the eDirectory events on the NCP Server object.

The following sections review how to configure eDirectory events on both the NCP Server object and the eDirectory Instrumentation:

8.3.2 Configuring NetWare and File System Events

The NetWare Instrumentation for Novell Audit (auditNW) allows Novell Audit to log NetWare and file system events. The NetWare Instrumentation can log NetWare and file system events from NetWare 6.5.

To log NetWare or file system events, the NetWare Instrumentation must be loaded on every server where you want to log NetWare and file system events. For more information on the NetWare Instrumentation, see NetWare and File System Instrumentations in the Novell Audit 2.0 Administration Guide.

After you have installed the NetWare Instrumentation, you must determine which NetWare and file system events you want to log to the data store. For a listing of the NetWare and file system events that can be logged to Novell Audit, see NetWare Events and File System Events in the Novell Audit 2.0 Administration Guide.

In previous versions of Nsure Audit, the NetWare and file system events were configured on the NCP Server object. Therefore, administrators were required to configure every NCP Server object where they wanted to log NetWare or file system events.

Novell Audit 2.0 now allows administrators to create a global filter in the NetWare Instrumentation object that determines which NetWare and file system events the Platform Agents send to the Secure Logging Server. However, administrators must still enable the NetWare and file system events on the NCP Server object.

NOTE: If you want to filter events on a volume or directory level, you can create Notification filters that select events based on the volume or directory listed in the Text2 field.

The following sections review how to configure NetWare and file system events on both the NCP Server object and the NetWare Instrumentation:

8.3.3 Configuring Novell Audit Events

The Novell Audit Instrumentation (NsureAuditInst) audits Novell Audit events. It is automatically installed with the Secure Logging Server to provide an “audit the auditor” event trail. By reviewing the Novell Audit Instrumentation events, you can determine if your logging server is performing the way you expect. For example, the Novell Audit Instrumentation can log an event every time the Secure Logging Server loads a Channel, Notification, or Application object. It can also log an event each time a Channel driver fails to load or when there is a bad Heartbeat or Notification configuration. For more information on the Novell Audit Instrumentation, see Novell Audit Instrumentation in the Novell Audit 2.0 Administration Guide.

The Novell Audit Instrumentation object in eDirectory allows you to manage which Novell Audit events are logged. For information on configuring the Novell Audit Instrumentation, see Configuring Novell Audit Events in the Novell Audit 2.0 Administration Guide.

8.3.4 Configuring Windows Events

To log Windows events, the Windows Instrumentation (nauditwin) must be loaded on every server where you want to log Windows events. The Windows Instrumentation runs as a service on Windows 2000, XP, and 2003. It collects events from the Event Viewer and sends them to the Secure Logging Server for processing by Novell Audit. For more information on the Windows Instrumentation, see Windows Instrumentation in the Novell Audit 2.0 Administration Guide.

The Windows Instrumentation object in eDirectory allows you to manage which Windows events the Platform Agents send to the Secure Logging Server. For information on configuring the Windows Instrumentation, see Configuring Windows Events in the Novell Audit 2.0 Administration Guide.