The NetWare and eDirectory Instrumentations for Novell Nsure Audit (auditNW and nauditDS, respectively) allow Nsure Audit to log NetWare, eDirectory, and file system events.
For information on selecting which events you want Novell Nsure Audit to log, see Section 5.0, Logging eDirectory, NetWare, and File System Events.
To enable NetWare and file system logging, auditNW must be loaded on every server on which you want to log NetWare and file system events. To avoid receiving duplicate entries for eDirectory events, enable the do not sent replicated events option. To enable this, open the Nsure Audit tab of your NCP Server object and check the “Do not send replicated events” checkbox. To log non-replicated events (such as logins), it must be installed on each individual server for which you want to log non-replicated events.
Additionally, the Platform Agent must be installed on every server on which you want to log NetWare, file system, and eDirectory events. AuditNW and nauditDS automatically load the Platform Agent (logevent) to send events to the Secure Logging Server.
Typically, auditNW and nauditDS should be automatically loaded each time the server or workstation restarts. However, you can also manually load or unload the instrumentation files. The following sections review the instrumentation startup commands for NetWare, Windows, Linux, and Solaris systems.
NOTE:At server startup, the NetWare and eDirectory instrumentations should be loaded as soon as possible, but they must be loaded after TCP/IP.
On NetWare, the startup scripts for auditNW and nauditDS are included in the auditagt.ncf file. Auditagt.ncf is added to the server's autoexec.ncf file during installation. Therefore, the NetWare and eDirectory Instrumentations automatically load each time the server restarts.
If you want to prevent auditNW or nauditDS from being unloaded by users with access to the server console, you can append the -n switch to the agent startup scripts. (For example, load auditnw -n .)
To manually start the NetWare or eDirectory Instrumentation on NetWare, enter
load auditnw
or
load nauditds
To load both the NetWare and eDirectory Instrumentations, enter
load auditagt.ncf
To stop the NetWare and eDirectory Instrumentations on NetWare, enter
unload auditnw
unload nauditds
NOTE:auditnw.nlm, audit.ds, and auditagt.ncf are located in the sys:\system directory.
You must individually start or stop the instrumentations on each server in the tree.
On Windows, the eDirectory Instrumentation is managed through the Novell eDirectory Services utility. By default, the eDirectory Instrumentation must be manually loaded on one server per DS Replica.
To manually load or unload the eDirectory Instrumentation on Windows:
Load ndscons.exe.
ndscons.exe is usually in the \novell\nds\ directory.
In the list of installed services, select the Novell Nsure Audit Component.
Click Start or Stop.
To configure nauditDS.dlm to load each time the server restarts:
Load ndscons.exe.
ndscons.exe is usually in the \novell\nds\ directory.
In the list of installed services, select the Novell Nsure Audit Component.
Click Startup.
Mark the Automatic startup type, then click OK.
On Linux and Solaris systems, the eDirectory Instrumentation must be manually loaded on one server per DS Replica.
To manually start the eDirectory Instrumentation on Linux or Solaris, enter
ndstrace -c “load nauditds”
To manually stop the eDirectory Instrumentation on Linux or Solaris, enter
ndstrace -c “unload nauditds”
To automatically load the eDirectory Instrumentation each time the server restarts, add
nauditds auto #Nsure Audit Platform Agent
to /usr/lib/nds-modules/ndsmodules.conf.
NOTE:On Linux systems, the startup script is /etc/init.d/novell-naudit . On Solaris systems, the startup script is /etc/init.d/naudit .