5.4 Instrumentations

An Instrumentation provides the Application object, the schema file (*.lsc), and the code that a logging application requires to log events to Novell Audit. The following applications are instrumented for Novell Audit:

The following section describes the instrumentations that are included with Novell Audit.

For instrumentations not documented in this manual, please refer to the logging application’s respective documentation for more information on the instrumentation.

5.4.1 eDirectory Instrumentation

The eDirectory Instrumentation for Novell Audit, auditDS, allows Novell Audit to log eDirectory events to the Novell Audit database. The eDirectory Instrumentation can log events from the following versions of the directory:

  • eDirectory 8.7 (NetWare, Windows, Linux, and Solaris)
  • eDirectory 8.8 (NetWare, Windows, Linux, and Solaris)

Novell Audit 2.0.1 can log events from multiple instances of eDirectory on Linux and Solaris. When you install Novell Audit 2.0.1, it detects if eDirectory 8.8 is installed and configures each instance of eDirectory to run the eDirectory instrumentation.

NOTE: Novell Audit 2.0.1 does not separately install the eDirectory instrumentation for each eDirectory instance; rather, it creates a symbolic link to a single installation of the auditDS libraries.

To support event signing and chaining—otherwise known as non-repudiation of data—you must bind each eDirectory instance to its own IP address. If you are not using the event signing and non-repudiation feature, you can have multiple instances of eDirectory on a single IP address.

Novell Audit 1.0.3P3 or greater and Novell Audit 2.0 log events only from a single instance of eDirectory 8.8.

To log eDirectory events, the eDirectory Instrumentation (auditDS) must be loaded on every server where you want to log eDirectory events. On NetWare, auditDS.nlm is loaded each time the server is started from the autoexec.ncf. On Linux and Solaris systems, auditds is added to nds-modules.conf and starts each time the ndsd service is started. On Windows, auditDS is not configured to start logging automatically. You can enable this service from the eDirectory console in the Windows Control Panel. For information on starting the eDirectory Instrumentation, see Instrumentation Startup Commands.

Configuring eDirectory Events

In previous versions of Nsure™ Audit, the eDirectory events were configured on the NCP Server object. Therefore, administrators were required to configure every NCP Server object where they wanted to log eDirectory events.

Novell Audit 2.0 now allows administrators to create a global filter in the eDirectory Instrumentation object that determines which eDirectory events the Platform Agents send to the Secure Logging Server. However, administrators must still enable the eDirectory events on the NCP Server object.

The following sections review how to configure eDirectory events on both the NCP Server object and the eDirectory Instrumentation:

For a listing of eDirectory events that can be logged to Novell Audit, see Section B.1, eDirectory Events.

IMPORTANT: eDirectory events such as login and logout are ubiquitous and can quickly fill your data store. Therefore, you should monitor your system’s event traffic and configure your data store’s expiration or roll policies accordingly. For information on the MySQL channel’s expiration properties, see MySQL Channel Object. For information on configuring the File channel to purge or roll its log files, see File Channel Object.

Configuring eDirectory Events on the NCP Server Object

IMPORTANT: If you are running multiple instances of eDirectory, you must enable the eDirectory events on the NCP Server object in each tree.

During installation, Novell Audit extends the definition of the NCP Server object to include log settings for eDirectory, NetWare, and file system events. These settings are found under the Novell Audit property tab in the NCP Server object.

Figure 5-1 eDirectory Events in the NCP Server Object

The Novell Audit page has four different menus: Server, NetWare, Filesystem, and eDirectory. The Server menu identifies the Logging Server object associated with the current NCP Server object. This menu is for informational purposes only and cannot be modified. The NetWare, Filesystem, and eDirectory menus list the events that fall in their respective categories.

To select which eDirectory events you want to log on the current server:

  1. Click Novell Audit in the NCP Server object.

  2. Select the eDirectory menu.

  3. Enable the eDirectory events you want to log on the current server:

    • To enable all eDirectory events, click Select All.

      You can create a global filter on the eDirectory Instrumentation that limits which events are actually logged to the data store.

    • To select specific events, select the check box next to the individual events you want to log.
  4. Set the Global Settings:

    Global Setting: Description

    Do Not Send Replicated Events: Prevents logging duplicate entries for eDirectory events in a replica ring. You might want to enable this option to reduce the potential log size. To log non-replicated events (such as logins), auditDS must be installed on each server where you want to log non-replicated events.

    Register for Events Inline: Requires eDirectory events to be sent to the Secure Logging Server before eDirectory completes the transaction.

    NOTE: This option doesn’t apply to the following three events:

    • DSA Read
    • List Subordinates
    • Read Attribute
  5. When finished, click Apply > OK.

    After you click OK, there might be a slight delay before the logging server begins logging the selected events.

    You do not need to restart the logging server to effect changes to Novell Audit attributes in the NCP Server object.

eDirectory events are partition-specific; that is, they only need to be enabled on one NCP Server object per partition.

Configuring eDirectory Events in the eDirectory Instrumentation

Through the eDirectory Instrumentation object in eDirectory, you can control which events the Platform Agents send to the Secure Logging Server. Essentially, the eDirectory Instrumentation allows you to create a global eDirectory event filter that is applied to every Platform Agent in the Novell Audit system.

NOTE: If you are running multiple instances of eDirectory, the eDirectory Instrumentation object is created in the eDirectory tree on the Secure Logging Server. This object controls which eDirectory events all eDirectory trees send to the Secure Logging Server.

To select which eDirectory events you want all Platform Agents to log to the Secure Logging Server:

  1. Click Events in the eDirectory Instrumentation object.

  2. Select the check box next to the eDirectory events you want all Platform Agents to log to the Secure Logging Server.

  3. Select Allow checked events to be logged to enable the events selected in the eDirectory Instrumentation.

    IMPORTANT: The event settings on the NCP Server object are the master settings. If you do not configure the eDirectory Instrumentation, all events enabled in the NCP Server object are logged. However, if you enable events in the eDirectory Instrumentation but not the NCP Server object, then no events are logged. If you enable events in both the eDirectory Instrumentation and the NCP Server object, only events enabled in both locations are logged.

  4. When finished, click Apply > OK.

    IMPORTANT: You must restart the Secure Logging Server to implement the changes to the eDirectory Instrumentation.

5.4.2 NetWare and File System Instrumentations

The NetWare Instrumentation for Novell Audit, auditNW, allows Novell Audit to log NetWare and file system events. The NetWare Instrumentation can log NetWare and file system events from NetWare 5.0 systems and higher.

To log NetWare or file system events, the NetWare Instrumentation must be loaded on every server where you want to log NetWare and file system events. AuditNW is automatically loaded each time the server restarts. For information on starting the NetWare Instrumentation, see Instrumentation Startup Commands.

Configuring NetWare and File System Events

In previous versions of Nsure Audit, the NetWare and file system events were configured on the NCP Server object. Therefore, administrators were required to configure every NCP Server object where they wanted to log NetWare or file system events.

Novell Audit 2.0 now allows administrators to create a global filter in the NetWare Instrumentation object that determines which NetWare and file system events the Platform Agents send to the Secure Logging Server. However, administrators must still enable the NetWare and file system events on the NCP Server object.

NOTE: If you want to filter events on a volume or directory level, you can create Notification filters that select events based on the volume or directory listed in the Text2 field.

The following sections review how to configure NetWare and file system events on both the NCP Server object and the NetWare Instrumentation:

For a listing of NetWare events that can be logged to Novell Audit, see Section B.3, NetWare Events. For a listing of File System events that can be logged to Novell Audit, see Section B.2, File System Events.

Configuring NetWare and File System Events on the NCP Server Object

During installation, Novell Audit extends the definition of the NCP Server object to include log settings for eDirectory, NetWare, and file system events. These settings are found under the Novell Audit property in the NCP Server object.

Figure 5-2 NetWare Events in the NCP Server Object

The Novell Audit page has four different menus: Server, NetWare, Filesystem, and eDirectory. The Server menu identifies the Logging Server object associated with the current NCP Server object. This menu is for informational purposes only and cannot be modified. The NetWare, Filesystem, and eDirectory menus list the events that fall in their respective categories.

To select which NetWare and file system events you want to log:

  1. Click Novell Audit in the NCP Server object.

  2. Select the NetWare or Filesystem menu.

  3. Enable the NetWare and file system events you want to log on the current server:

    • To enable all events, click Select All.

      You can create a global filter on the NetWare Instrumentation that limits which events are actually logged to the data store.

    • To select specific events, select the check box next to the individual events you want to log.
  4. When finished, click Apply > OK.

    After you click OK, there might be a slight delay before the logging server begins logging the selected events.

    NOTE: You do not need to restart the logging server to effect changes to Novell Audit attributes in the NCP Server object.

NetWare and File System events are server-specific settings; that is, they must be enabled on each NCP Server object in the tree.

Configuring NetWare and File System Events in the NetWare Instrumentation

Through the NetWare Instrumentation object in eDirectory, you can control which events the Platform Agents send to the Secure Logging Server. Essentially, the NetWare Instrumentation allows you to create a global NetWare and file system event filter that is applied to every Platform Agent in the Novell Audit system.

To select which NetWare and file system events you want all Platform Agents to log to the Secure Logging Server:

  1. Click Events in the NetWare Instrumentation object.

  2. Select the check box next to the NetWare and file system events you want all Platform Agents to log to the Secure Logging Server.

  3. Select Allow checked events to be logged to enable the events selected in the NetWare Instrumentation.

    IMPORTANT: The event settings on the NCP Server object are the master settings. If you do not configure the NetWare Instrumentation, all events enabled in the NCP Server object are logged. However, if you enable events in the NetWare Instrumentation but not the NCP Server object, then no events are logged. If you enable events in both the NetWare Instrumentation and the NCP Server object, only events enabled in both locations are logged.

  4. When finished, click Apply > OK.

    IMPORTANT: You must restart the Secure Logging Server to implement the changes to the NetWare Instrumentation.
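
The precedence rule stated in the IMPORTANT notes for the eDirectory and NetWare Instrumentations, as an added Python example that is not part of the Novell documentation. It checks a constructed inventory for events an administrator expects to see but that are never logged; the data layout, function names, partition names and the event names "Change Password" and "NW-EVENT-A" are assumptions made for illustration.

```python
def effective(ncp_enabled, instr_filter):
    """Events that actually reach the Secure Logging Server.

    instr_filter is None when the Instrumentation object was never configured;
    in that case everything enabled on the NCP Server object is logged.
    Otherwise only events enabled in both places are logged.
    """
    if instr_filter is None:
        return set(ncp_enabled)
    return set(ncp_enabled) & set(instr_filter)


def audit_gaps(servers, ds_filter, nw_filter, required_ds, required_nw):
    """Return {scope: missing events} for each partition or server with a gap."""
    gaps = {}

    # eDirectory events are partition-specific: enabling them on one
    # NCP Server object per partition is enough.
    by_partition = {}
    for srv in servers:
        for part in srv["partitions"]:
            by_partition.setdefault(part, set()).update(srv["edirectory"])
    for part, enabled in by_partition.items():
        missing = set(required_ds) - effective(enabled, ds_filter)
        if missing:
            gaps[f"partition {part}"] = missing

    # NetWare and file system events are server-specific: they must be
    # enabled on every NCP Server object.
    for srv in servers:
        missing = set(required_nw) - effective(srv["netware"], nw_filter)
        if missing:
            gaps[f"server {srv['name']}"] = missing
    return gaps


# Constructed inventory (assumed layout, not exported from a real tree).
SERVERS = [
    {"name": "SRV1", "partitions": ["O=ACME"],
     "edirectory": {"Login", "Logout"}, "netware": {"NW-EVENT-A"}},
    {"name": "SRV2", "partitions": ["O=ACME", "OU=LAB.O=ACME"],
     "edirectory": set(), "netware": set()},
]
DS_FILTER = {"Login", "Change Password"}  # checked in the eDirectory Instrumentation
NW_FILTER = None                          # NetWare Instrumentation not configured

if __name__ == "__main__":
    report = audit_gaps(SERVERS, DS_FILTER, NW_FILTER,
                        required_ds={"Login", "Change Password"},
                        required_nw={"NW-EVENT-A"})
    for scope, missing in sorted(report.items()):
        print(scope, "is not logging:", sorted(missing))
```

"Change Password" is checked in the Instrumentation filter but not enabled on any NCP Server object, so it is reported as missing even though the global filter allows it.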

5.4.3 Novell Audit Instrumentation

The Novell Audit Instrumentation (NsureAuditInst) audits Novell Audit events. It is automatically installed with the Secure Logging Server to provide an “audit the auditor” event trail. By reviewing the Novell Audit Instrumentation events, you can determine if your logging server is performing the way you expect. For example, the Novell Audit Instrumentation can log an event every time the Secure Logging Server loads a Channel, Notification, or Application object. It can also log an event each time a Channel driver fails to load or when there is a bad Heartbeat or Notification configuration.

Configuring Novell Audit Events

The Novell Audit Instrumentation object in eDirectory allows you to manage which Novell Audit events are logged. For a listing of Novell Audit events, see Section B.4, Novell Audit Events.

To select which Novell Audit events you want all Platform Agents to log to the Secure Logging Server:

  1. Click Events in the Novell Audit Instrumentation object.

  2. Select the check box next to the Novell Audit events you want all Platform Agents to log to the Secure Logging Server.

  3. Select Allow checked events to be logged to enable the events selected in the Novell Audit Instrumentation.

  4. When finished, click Apply > OK.

    IMPORTANT: You must restart the Secure Logging Server to implement the changes to the Novell Audit Instrumentation.

5.4.4 Windows Instrumentation

To log Windows events, the Windows Instrumentation, nauditwin, must be loaded on every server where you want to log Windows events. The Novell Audit Windows instrumentation runs as a service on Windows 2000, XP, and 2003. It collects events from the Event Viewer and sends them to the Secure Logging Server for processing by Novell Audit.

Configuring Windows Events

The Windows Instrumentation object in eDirectory allows you to manage which Windows events the Platform Agents send to the Secure Logging Server.

To select which Windows events you want all Platform Agents to log to the Secure Logging Server:

  1. Click Events in the Windows Instrumentation object.

  2. Select the check box next to the Windows events you want all Platform Agents to log to the Secure Logging Server.

  3. Select Allow checked events to be logged to enable the events selected in the Windows Instrumentation.

  4. When finished, click Apply > OK.

    IMPORTANT: You must restart the Secure Logging Server to implement the changes to the Windows Instrumentation.

After the Windows Instrumentation is installed, you must enable Windows auditing.

IMPORTANT: To configure auditing for a domain, you must be on a domain controller.

To configure your Windows auditing policy:

  1. (Optional) In a domain environment, use the Domain Controllers Security Policy administrative tool to enable auditing for the domain.

  2. Go to the Control Panel and select Administrative Tools.

  3. Select one of the following Security Policy administrative tools to configure your system audit policy:

    • Use the Local Security Policy administrative tool to define the audit policy for an individual computer within a domain or any system that is not part of a domain.

      NOTE: If the machine has only Windows installed, the Local Security Policy is the only option available.

    • Use the Active Directory Users and Computers administrative tool to define the audit policy for an organizational unit within a domain environment.
    • Use the Active Directory Sites and Services administrative tool to define the audit policy for an entire domain.
  4. Define the audit policy.

    Audit policy is applied in the same order as group policy. (Group policy hierarchy is listed in the Group Priority dialog box of the System Policy Editor.) If there is a policy conflict, the most recently applied policy overrides a previously applied policy.

After you have defined the Windows audit policy, the Windows Instrumentation logs every event enabled in the audit policy.

If you don’t see a Windows event logged in Novell Audit, check the Windows Event Viewer to see if the event has been logged in Windows. If the event doesn’t appear in the Event Viewer, it will not be logged in Novell Audit.

5.4.5 Log Parser Instrumentation

The Log Parser Instrumentation harvests events from text-based log files such as syslog, Apache error logs, and Novell Application Launcher™ logs. Events are parsed one line at a time and formatted in the Novell Audit event structure. Parsing text-based log files allows Novell Audit to process and log events from applications that are not currently instrumented for Novell Audit.

NOTE: The Log Parser Instrumentation does not currently handle multi-byte characters.

The Log Parser is not designed to consolidate information from multiple lines into a single event. Therefore, for the Log Parser Instrumentation to parse a text-based log file, each line must end in either a carriage return or line feed. For more information on the Novell Audit event structure, see Section A.1, Event Structure.

To configure log parsing, you must identify the servers where the text logs are located, identify the log files, and identify the lines in the log files that you want to parse into events. These tasks are discussed in the following sections.

Managing Hosts

To configure log parsing, you must first create at least one host. A host is a server that contains one or more text-based log files that you want to parse.

The Hosts page allows you to create and manage host servers. To access the Hosts page, click Instrumentation in the Logfile Parser Instrumentation object.

Figure 5-3 Hosts Page

The following table reviews the options in the Hosts page:

Table 5-2 Hosts Page Options

Option: Description

New: Creates a new host server. For information on this procedure, see Defining a Host Server.

Edit: Allows you to modify the selected host’s information.

Delete: Deletes the selected host.

Address: The IP address or DNS name of the server where one or more log files reside.

Total Log Files: The total number of log files that reside on the host.

Description: The host server description. The description is created when the host is defined.

Defining a Host Server

  1. In the Logfile Parser Instrumentation, click Instrumentation.

  2. In the Hosts page, click New to define a new host server.

  3. In the New Host dialog box, provide the following information:

    1. In the Address field, specify the IP address or DNS name of the server where the log file resides.

    2. In the Description field, provide a description of the host server, such as the server name.

  4. Click OK.

Managing Logfiles

After you create a host, you must define the log files from which you want to harvest events.

The Logfiles page allows you to create and manage log files. To access the Logfiles page, go to the Logfile Parser Instrumentation page, then click the IP address or host name of the server where the log file resides.

Figure 5-4 Logfiles Page

The following table reviews the options in the Logfiles page:

Table 5-3 Logfiles Page Options

Option: Description

New: Creates a new log file. For information on this procedure, see Defining a Log File.

    NOTE: Novell Audit dedicates a separate thread to schedule and parse each log file you define.

Edit: Allows you to modify the selected log file’s information.

Delete: Deletes the selected log file.

Import: Imports an existing log file definition and its associated line readers.

    If you define a log file and line readers that you want to use on another machine or share with an associate, you can export log files defined in the Logfile Parser Instrumentation, then import them on another machine as a new log file, or you can replace an existing log file with the same name.

    To import an existing log file:

      1. Click Import and select the XML configuration file that contains the log file configuration.

        When the XML file is imported, the Logfile Parser compares the filename of the imported log file with the filenames of all currently defined log files. If a match is found, the imported log file automatically replaces the existing log file.

      2. Click OK.

Export: Exports the selected log file to the default location specified by the browser you are using to access iManager. The export process creates an XML file from the log file and line reader configuration.

    To export a log file:

      1. Select a log file, then click Export.
      2. Specify the filename without a file extension.

        The .xml extension is automatically added to the file.

      3. Click OK.

    IMPORTANT: If you are using Internet Explorer in the Windows XP environment, you must first enable the Automatic prompting for file downloads and File Download features in Internet Explorer before you can export a log file.

    To enable the Automatic prompting for file downloads and File Download features in Internet Explorer:

      1. In Internet Explorer, click Tools > Internet Options.
      2. In the Options menu, go to the Security tab, then click Custom Level.
      3. In the Downloads section, enable Automatic prompting for file downloads and File Download, then click OK.
      4. Click OK again to exit the Internet Options menu.

Identifier: A unique name for the target log file.

    The Identifier is defined when you create the log file.

Location: The directory location and filename of the log file on the target system. For example, the location of the Syslog file on Red Hat and SUSE® systems is typically /var/log/messages.

    The Location is defined when you create the log file.

Description: A description of the log file.

    The Description is defined when you create the log file.

Defining a Log File

  1. In the Logfile Parser Instrumentation, click Instrumentation.

  2. Click the IP address or host name of the server where the log file resides.

  3. In the Log File page, click New to define the log file from which you want to harvest events.

  4. In the New Logfile dialog box, provide the following information:

    Item: Description

    Logfile Configuration

    Identifier: A unique name for the target log file. This is not the log file filename. You can specify any name that you want.

    Location: The directory location and filename of the log file on the target system. For example, the location of the syslog file on RedHat and SUSE is generally /var/log/messages.

        IMPORTANT: You cannot use wildcard characters, such as * or !.

    Description: A description of the log file, such as Application 1 Log File.

    Logfile Harvest Options

    Read log daily at: Specifies the hour of each day at which the log parser reads the log file.

    Read log interval every: Specifies the interval in hours, minutes, or seconds of each day in which the log parser reads the log file.

        Select the number of hours, minutes, or seconds from the drop-down lists.

  5. Click OK.

Managing Line Readers

After you create a host and a log file, you must create a line reader. A line reader identifies a specific line in the log file and defines what to do with the line. The line can be discarded or parsed into an event that is logged in the Novell Audit data store.

NOTE: Before you define line readers, we recommend you familiarize yourself with the Novell Audit event structure. For more information, see Section A.1, Event Structure.

The Line Readers page allows you to create and manage line readers. To access the Line Readers page, go to the Logfile page, then click the log file where you want to define a line reader.

Figure 5-5 Line Readers Page

The following table reviews the options in the Line Readers page:

Item: Description

New: Creates a new line reader. For information on this procedure, see Defining a Line Reader.

Edit: Allows you to modify the selected line reader’s information.

Delete: Deletes the selected line reader.

Event ID: A number (0-999) which uniquely identifies each event.

    The Event ID is defined when you create the line reader.

    For more information on how Novell Audit uses Event IDs, see Section A.1, Event Structure.

Parse Type: Specifies how the line is processed:

    • Discard designates that all matching lines are to be discarded without sending an event to the host.
    • Tokenizer indicates that the line is parsed with a modified string tokenizer.
    • Fixed Position designates a fixed position parser. That is, each section in the line is defined by a fixed start and end position.

    The Parse Type is defined when you create the line reader.

Component: The event source. This is generally defined as the log file filename.

    When the line is parsed into a Novell Audit event, the information provided in this field displays in the event’s Component field.

    For more information on how Novell Audit uses the Component field, see Section A.1, Event Structure.

Description: A description of the line reader.

    The Description is defined when you create the line reader.

Defining a Line Reader

  1. In the Logfile Parser Instrumentation, click Instrumentation.

  2. Click the IP address or host name of the server where the log file resides.

  3. In the Log File page, click the log file where you want to define the line reader.

  4. In the Line Reader page, click New.

    The Line Reader wizard launches.

  5. Complete the Line Reader wizard to define the Line Reader.

    The Log Parser Instrumentation uses the information defined in the Line Reader to select specific lines in the text-based log file and either ignore them or parse them into events that can be logged to the Novell Audit data store.

The following sections walk you through each step in the wizard:

Step 1: Line Reader Configuration

The first step in the Line Reader wizard is the Line Reader Configuration. In this page, you define the parameters the Log Parser Instrumentation needs to identify a specific line in the log file. You also determine how the Log Parser Instrumentation processes the line and define the event identifiers.

Figure 5-6 Line Reader Configuration Page

The following table reviews each option in the Line Reader Configuration page:

Table 5-4 Line Reader Configuration Page Options

Option: Description

Parse Type: The Parse Type defines how the Log Parser Instrumentation processes the line.

    • Discard: Discards all matching lines without sending an event to the host.
    • Tokenizer: Parses the line with a modified string tokenizer. Select this type if the start and end of each log line varies.
    • Fixed Position: Designates a fixed position parser, with each section defined by a fixed start and end position in the line. Select this type if the start and end of each log line is constant.

Description: Textual information about the line reader.

(Conditional) Event ID: A number (0-999) which uniquely identifies each event.

    For more information on how Novell Audit uses Event IDs, see Section A.1, Event Structure.

    Use this field only for Tokenizer and Fixed Position parse types.

(Conditional) Component: The event source. This is generally defined as the log file filename.

    When the line is parsed into a Novell Audit event, the information provided in this field displays in the event’s Component field.

    For more information on how Novell Audit uses the Component field, see Section A.1, Event Structure.

    Use this field only for Tokenizer and Fixed Position parse types.

Regular Expression: The regular expression the Log Parser Instrumentation uses to identify the line in the log file.

    When the Log Parser Instrumentation finds a match, the line is processed as defined in the Parse Type field.

    If the Parse Type is Tokenizer or Fixed Position, the Log Parser Instrumentation parses each line section defined in the Step 3: Section page into the event fields defined in the Step 2: Hardcoded Fields page.

Step 2: Hardcoded Fields

The second step in the Line Reader wizard is defining the event fields. If the Parse Type defined in Step 1 is Tokenizer or Fixed Position, the Log Parser Instrumentation parses the line into the event fields defined in this page.

The fields in the Hardcoded Fields page are equivalent to the fields defined in Novell Audit events. For more information on Novell Audit event structure, see Section A.1, Event Structure.

All hardcoded fields are optional.

NOTE: The log parser does not currently handle multi-byte characters.

Figure 5-7 Hardcoded Fields Page

The following table reviews each option in the Hardcoded Fields page:

Table 5-5 Hardcoded Field Page Options

Option: Description

Severity: The severity of the reported event.

    • Emergency events cause the system to shut down.
    • Alert events require immediate attention.
    • Critical events might cause parts of the system to malfunction.
    • Error events are errors that can be handled by the system.
    • Warnings are negative events that do not represent a problem.
    • Notices are positive or negative events that an administrator can use to understand or improve the use and operation of the current system.
    • Info represents positive events of any importance.
    • Debug events are used by support technicians or engineers to debug the current system.

Grouping: An ID that can be used to identify related events.

Originator: Who or what caused the event to happen.

Originator Type: The predefined format for the originator.

    Defined values for this type are currently:

    • 0: None
    • 1: Slash Notation
    • 2: Dot Notation
    • 3: LDAP Notation

Target: The event target.

    All eDirectory events store the event’s object in the Target field.

Target Type: The predefined format for the target.

    Defined values for this type are currently:

    • 0: None
    • 1: Slash Notation
    • 2: Dot Notation
    • 3: LDAP Notation

Subtarget: The event subtarget.

    All eDirectory events store the event’s attribute in the Sub Target field.

Text1: The value of this field depends upon the event. It can contain any text string up to 255 characters.

    The Text1 field is vital to the function of the CVR driver. For more information, see CVR Channel Driver.

Text2: The value of this field depends upon the event. It can contain any text string up to 255 characters.

    The Text2 field is vital to the function of the CVR driver. For more information, see CVR Channel Driver.

Text3: The value of this field depends upon the event. It can contain any text string up to 255 characters.

Value1: The value of this field depends upon the event. It can contain any numeric value up to 32 bits.

Value2: The value of this field depends upon the event. It can contain any numeric value up to 32 bits.

Value3: The value of this field depends upon the event. It can contain any numeric value up to 32 bits.

Mime Hint: Identifies the type of data contained in the Data field.

Data: The value of this field depends upon the event. The default size of this field is 3072 characters.

Step 3: Section

The third step in the Line Reader wizard is defining which line sections parse to which event fields. In this page, you provide the information the Log Parser Instrumentation needs to identify specific sections of the line and you associate each line section with one of the event fields defined in Step 2: Hardcoded Fields. The Log Parser Instrumentation uses this information to parse text-based line data into an event that can be stored in the Novell Audit database.

To add more than one section, click the plus sign. To delete a section, click the minus sign at the section you want to delete.

Figure 5-8 Section Page

The following table reviews each option in the Section page:

Field: Description

Separator: The character that separates the data in the line, such as a space.

    To enter a space, press the Spacebar.

Separator Skip: The number of characters that separate the data in a line, such as two spaces.

    Select a number from 0-10.

Event Field: Specifies the Novell Audit event field in which you want to store this section of the line.

    You can select any of the fields listed in the Hardcoded Fields page, or you can select Discard to not use this section.

(Conditional) Integer Syntax: If you want to store line section data in one of the Novell Audit integer fields, such as Target Type, you must specify the integer syntax. The Log Parser Instrumentation uses the integer syntax to convert the string to an integer.

    The Integer Syntax options are as follows:

    • Number 32bit (signed)
    • Number 32bit (unsigned)
    • Hexadecimal Number
    • RFC-822 format date/time
    • IPv4 Internet Address (network order)
    • IPv4 Internet Address (host order)
    • Boolean (Yes/No)
    • Boolean (True/False)

Step 4: Summary

The Summary page reviews the information that you provided during the Line Configuration Wizard. To modify any of the information, click Back to return to the applicable page and make the necessary modifications. When you have provided the correct information, click Finish.

Figure 5-9 Summary Page
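
The four wizard steps above, modelled as an added Python example that is not Novell code and does not reproduce the product's parser. It covers the Discard and Tokenizer parse types and a subset of the Integer Syntax options; the dictionary layout, the rule that the first matching line reader decides, the reading of Separator Skip as "characters to step over after each section", little-endian host order, and the sample log lines are all assumptions or constructed data.

```python
import ipaddress
import re

TEXT_MAX = 255        # Text1-Text3 hold up to 255 characters (from the page)
U32_MAX = 0xFFFFFFFF  # Value1-Value3 hold up to 32 bits (from the page)

def to_int(token, syntax):
    """Convert a line section to an integer per the selected Integer Syntax."""
    token = token.strip()
    lo, hi = (-2**31, 2**31 - 1) if syntax == "signed32" else (0, U32_MAX)
    if syntax in ("signed32", "unsigned32"):
        n = int(token)
    elif syntax == "hex":
        n = int(token, 16)
    elif syntax == "ipv4_network":
        n = int(ipaddress.IPv4Address(token))
    elif syntax == "ipv4_host":  # assumption: the host is little-endian
        n = int.from_bytes(ipaddress.IPv4Address(token).packed, "little")
    elif syntax in ("yes_no", "true_false"):
        words = ("yes", "no") if syntax == "yes_no" else ("true", "false")
        if token.lower() not in words:
            raise ValueError(f"{token!r} is not a {syntax} boolean")
        n = int(token.lower() == words[0])
    else:
        raise ValueError(f"unsupported integer syntax {syntax!r}")
    if not lo <= n <= hi:
        raise ValueError(f"{token!r} does not fit in a 32-bit {syntax} field")
    return n

def tokenize(line, sections):
    """Walk the sections left to right; each section is
    (separator, separator_skip, event_field, integer_syntax)."""
    fields, pos = {}, 0
    for sep, skip, field, syntax in sections:
        end = line.find(sep, pos)
        if end < 0:
            end = len(line)  # no separator left: the section is the remainder
        token, pos = line[pos:end], min(end + skip, len(line))
        if field != "Discard":
            fields[field] = to_int(token, syntax) if syntax else token[:TEXT_MAX]
    return fields

def harvest(log_text, readers):
    """Return (events, rejected); rejected lines need an operator's attention."""
    events, rejected = [], []
    for line in log_text.splitlines():  # one line is one candidate event
        if not line.isascii():
            rejected.append((line, "multi-byte characters are not handled"))
            continue
        for r in readers:
            if not re.search(r["regex"], line):
                continue
            if r["parse_type"] == "Tokenizer":
                if not 0 <= r["event_id"] <= 999:
                    raise ValueError("Event ID must be in the range 0-999")
                try:
                    parsed = tokenize(line, r["sections"])
                except ValueError as exc:
                    rejected.append((line, str(exc)))
                    break
                events.append({"EventID": r["event_id"],
                               "Component": r["component"],
                               **r["hardcoded"], **parsed})
            break  # assumption: the first matching line reader decides
    return events, rejected

SKIP = (" ", 1, "Discard", None)
READERS = [
    {"parse_type": "Discard", "regex": r"CRON\[\d+\]"},
    {"parse_type": "Tokenizer", "regex": r"sshd\[\d+\]: Failed password for",
     "event_id": 101, "component": "/var/log/messages",
     "hardcoded": {"Severity": "Warning"},
     "sections": [(" ", 2, "Discard", None),  # month, followed by two spaces
                  SKIP, SKIP,                  # day, time
                  (" ", 1, "Text1", None),     # host name
                  SKIP, SKIP, SKIP, SKIP,      # "sshd[..]:" "Failed" "password" "for"
                  (" ", 1, "Target", None),    # account name
                  SKIP,                        # "from"
                  (" ", 1, "Value1", "ipv4_network"),
                  SKIP,                        # "port"
                  (" ", 1, "Value2", "unsigned32")]},
]

# Constructed sample lines in syslog style (not taken from a real host).
SAMPLE_LOG = "\n".join([
    "Mar  4 10:15:02 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 50122 ssh2",
    "Mar  4 10:15:05 web01 CRON[2290]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar  4 10:15:09 web01 sshd[2211]: Accepted password for alice from 192.0.2.44 port 50300 ssh2",
    "Mar  4 10:15:11 web01 sshd[2211]: Failed password for ren\u00e9e from 192.0.2.10 port 50124 ssh2",
    "Mar  4 10:15:12 web01 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 50126 ssh2",
])

if __name__ == "__main__":
    for result in harvest(SAMPLE_LOG, READERS):
        print(result)
```

Only the first line becomes an event. The last two lines match the reader's intent but are rejected, one for a multi-byte character and one because the extra words "invalid user" shift the sections so that the address field no longer holds an IPv4 address.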