1.1 New Features

This section contains a listing of the new features available in the latest version of Nsure Audit.

1.1.1 eDirectory Instrumentation Enhancements

Several enhancements were made to the eDirectory™ instrumentation. These include the ability to:

  • Choose between inline and journal logging of events. Inline mode logs events during the actual eDirectory process as they occur. Journal mode logs events in a separate thread, so the actual eDirectory process is not interrupted. Journal mode does not incur as much performance overhead, however, if the eDirectory server goes down, events in the journal that have not been processed are lost.
  • Use an advanced grouping mechanism to group events related to an operation, providing easier searching and browsing of events. Events are now grouped by eDirectory transaction, which enables you to use the drill down feature of the Nsure Audit Report Application (LReport) to view all events associated with a transaction.
  • Store the previous value of an eDirectory change. For example, when an attribute is deleted in eDirectory, Nsure Audit logs a delete attribute event in which the previous attribute value is stored in the data field of the event.
  • Show a previous state of eDirectory before a change, based on logged information. For example, when a user is deleted from eDirectory, Nsure Audit logs a series of delete attribute events and a delete object event. Each of these events is grouped using the advanced grouping mechanism, making it easy to drill-down and view all events relating to this transaction. If it was later determined that this user was erroneously deleted, all removed attributes and their values could be retrieved from Nsure Audit, and the object could be reconstructed.
  • Present attribute data in human-readable form. In previous versions, this information was in a binary format that was more difficult to access.

1.1.2 New Event Fields

Several additional fields were added to the Nsure Audit event structure to enhance querying and reporting. The Nsure Audit event structure now contains fields to report the originator of an event, the target and subcomponent affected by the event, as well as additional text and value fields.

1.1.3 Installation Enhancements

The installation has been enhanced on all supported platforms to provide more flexible, integrated installs. You now have the option of installing components individually, configuring the Platform Agent during install, and installing the Nsure Audit iManager plug-in during the process.

1.1.4 Microsoft SQL Server Support

The Nsure Audit Secure Logging Server now has the ability to store events in the Microsoft* SQL Server database. The Nsure Audit iManager plug-in has been updated to support establishing this connection.

1.1.5 Additional Supported Platforms

The Secure Logging Server now supports Windows* 2003 Server, RedHat* AS and ES.

1.1.6 JDBC Log Channel

The JDBC* Log Channel Driver has been enhanced to support any JDBC-enabled database, enabling you to log events to a number of different data stores supporting JDBC.

1.1.7 iManager Query and Verification Builder

The Query and Verification Builder interface in iManager has received several enhancements, including the ability to use custom macros in SQL queries. These custom macros make is simple to convert from hex to decimal, use IP addresses in queries, and reference the Nsure Audit table name using a keyword.

You can now also perform lightweight event verifications using the iManager interface.

1.1.8 Event Cache Limit

The Platform Agent now has additional parameters, contained in logevent.cfg, enabling you to specify the maximum size of the Nsure Audit event cache, and specify the action Nsure Audit takes when this limit is reached (stop logging, drop cache, or generate a warning).

1.1.9 Optional Expanded Event Data Field

The Platform agent has an additional parameter, contained in logevent.cfg, enabling you to specify the maximum size of the data field for each event. This option provides additional flexibility for applications logging events to Nsure Audit, as they can use an expanded event data field to increase the amount of information that can be stored with each event.

This increased size is optional, so applications not requiring this functionality can leave this off for increased performance.