1.1 New Features

This section describes the new features available in Novell Audit 2.0.

1.1.1 Windows Instrumentation

Novell Audit 2.0 includes Windows instrumentation that runs as a service on Windows 2000, XP, and 2003. The Novell Audit Windows instrumentation collects events from the following Windows log files and sends them to the Secure Logging Server for processing by Novell Audit:

  • Application log
  • Security log
  • System log
  • Directory service log
  • File Replication service log
  • DNS server log

1.1.2 Log File Parser

The Novell Audit Log Parser harvests events from text-based log files such as syslog, Apache error logs, and Novell Application Launcher™ logs. Events are parsed and formatted into the Novell Audit event structure so that they can be processed by Novell Audit. The simple user interface allows administrators to quickly integrate new application data into Novell Audit. For more information on the Log File Parser, see Section 5.4.5, Log Parser Instrumentation.

1.1.3 JMS Channel

The JMS channel is implemented as a JMS Producer client application. It receives event messages from Novell Audit’s event notification system, maps the event information into JMS messages, then sends them to a JMS Destination. JMS Consumer applications can then retrieve the JMS messages from the Destination. For more information on the JMS channel, see Section 6.8, JMS.

1.1.4 Monitoring

The Monitor channel provides logging system statistics in iManager. Each Secure Logging Server object includes the Monitor tab as one of its attributes. The Monitor tab provides the following information:

  • The total number of events logged over the current server uptime.
  • The average number of events logged per second.

    NOTE: The number of events logged per second is averaged over a three-second interval.

  • The IP addresses and descriptions of the clients (Platform Agents) currently logging events to the current Secure Logging Server.
  • The applications logging events to each Platform Agent.
  • The events logged by each agent.

For detailed information on all the options in the Secure Logging Server Monitor tab, see Section 4.2.4, Logging Server Statistics. For information on configuring the Monitor channel, see Section 6.10, Monitor.

1.1.5 Improved Event Filtering

In previous versions of Nsure™ Audit, all event filtering took place at the Secure Logging Server. That is, Notification filters were configured and implemented on the Secure Logging Server. Platform Agents, on the other hand, did not have any filtering mechanism. They sent all logged events to the Secure Logging Server.

Novell Audit 2.0 allows administrators to implement event filters at the Platform Agent using each logging application’s associated Application object. Pushing event filtering down to the Platform Agent minimizes traffic between the Platform Agent and the Secure Logging Server, reduces the load on the Secure Logging Server, and conserves disk space in the central data store.

For more information on filtering events at the Platform Agent, see Section 5.3, Application Object Attributes.