With LT Auditor+ v8.0 for NetWare from Blue Lance, you can protect all the assets that you manage on your Novell® NetWare® servers-such as confidential information and intellectual property-from theft, disclosure and abuse by employees and contractors as well as outside hackers. This advanced security solution continually monitors the network events you specify and provides a secure, consolidated audit trail of all activities across your NetWare servers.

LT Auditor+ agents on NetWare servers collect real-time recordings of every event that takes place on every server that you specify. The agents monitor Novell eDirectory activity, file/directory activity, and login activity on the servers in real-time, and log the activities for auditing. You configure filters that specify which activities are to be monitored and logged.

The agents notify you immediately of any suspicious activities through SNMP alerts that can be directed to an SNMP Management Console. Using the comprehensive audit information logged by the agents, your security staff can quickly zero in on security breaches and act before your assets are compromised.

LT Auditor+ consolidates all the event logs, from all audited servers and workstations, into a secure consolidated database for enterprise-wide reporting. As a result, you get a big picture of your user and network activity and still have access to a fine level of detail.

LT Auditor+ software consists of two major software components:

• LT Auditor+. Installed on NetWare severs and Windows workstations. Performs the activity monitoring, logging and alerting functions for the servers and workstations on which it is installed. Also provides the capability to aggregate information from multiple agents into a single, consolidation database.
• LT Auditor+ Management Console. Installed on a Windows workstation. Provides a single point from which administrators can deploy and manage LT Auditor+ v8.0 for NetWare.

This deployment guide provides a step-by-step process for deploying LT Auditor+ v8.0 for NetWare. The installation process involves:

• Installing the LT Auditor+ Management Console on a workstation along with the setup files needed for remote install of LT Auditor+ on NetWare servers.
• Remotely installing LT Auditor+ from the LT Auditor+ Management Console workstation on all NetWare servers to be monitored and audited. This process installs the agents or NLMs that need to be loaded on the target servers.

Before beginning the installation process, make sure that you meet the system requirements presented in this step.

Server

• 4 MB available RAM
• 100+ MB hard drive space (1 GB recommended for the consolidation server)
• NetWare 4.11 or above
• Two unmapped NetWare drives
• BTRIEVE.NLM version 6.10c or higher (for consolidation server if one is implemented)

Workstation (For LT Auditor+ Management Console)

• Intel Pentium 166 MHz or faster (Pentium 450 MHz recommended)
• 64 MB of RAM (128 MB RAM recommended)
• 50+ MB of free hard drive space
• Either of the following Microsoft operating systems:
  • Windows NT 4.0 with Service Pack 6
    Windows 2000 with Service Pack 2 or higher
• Novell Client 4.8 or above for Windows NT/2000 (English)

1. Install the LT Auditor+ Management Console by performing the following procedure: Insert the LT Auditor+ CD into the CD drive of the workstation.
2. If Autorun is enabled, select LT Auditor+ for NetWare. If Autorun is not enabled, execute Setup.exe from the NetWare folder on the CD.
3. The InstallShield Wizard displays a welcome message. Follow the instructions to install LT Auditor+.
4. When the Customer Information window displays, enter your user name, company name and key. If you are installing a trial version of LT Auditor+, enter Trial in the Keyfield. Click Next and follow the instructions to continue the installation process.
5. When the Install wizard completed window displays, click Finish to exit.

This completes the installation of the LT Auditor+ Management Console as well as the installation of the setup files required to install LT Auditor+ remotely on the target NetWare servers.

Next, you install LT Auditor+ on all the NetWare servers that you want to audit. You install LT Auditor+ remotely on all target servers from the LT Auditor+ Management Console.

NOTE: Novell recommends that you have administrative rights on the target NetWare servers. If not, you must have NetWare trustee rights to the following folders on every NetWare server on which LT Auditor+ is to be installed:

• SUPERVISOR rights to the folder where LT Auditor+ is to be installed.
• READ, WRITE, CREATE and MODIFY rights to the SYS:SYSTEM folder

Before you install LT Auditor+ on a server, be certain that:

• You are logged into the eDirectory tree for that server.
• You have valid connection with the necessary trustee assignments on that server.

To install LT Auditor+ on the target servers, perform the following procedure from the LT Auditor+ Manager Console:

1. Select Start > Programs > LT Auditor+ > LT Auditor+ for NetWare > Remote Install. The LT Auditor+ Remote Setup window displays. Click Next and follow the instructions to install LT Auditor+.
2. When the Install Option window displays, select one of the following options:
   • Update AUTOEXEC.NCF (the original file will be renamed AUTOEXEC.LTA).
   • Manually update AUTOEXEC.NCF later. Under the LT Auditor+ Configuration files section, select one of the following options:
     • Use default configuration files.
     • Use configuration files from server.

       NOTE: The configuration files contain filter policies and other system settings.

3. Click Next. A window displays in which you specify the servers on which you wish to install LT Auditor+.
4. Specify all the servers on which you wish to install LT Auditor+ by first clicking Add and then selecting all the target servers. You can browse for servers if desired.
5. Click Install and the install program will install LT Auditor+ on all the servers you selected in substep 4 above.

This completes the installation of the LT Auditor+ NLMs on all NetWare servers. There are 6 NLMs installed:

• TMERGE.NLM-Consolidation Module. Consolidates LT Auditor+ log information from all audited NetWare servers onto the local server (consolidation server).
• LTTRANS.NLM-Transfer Module. Transfers LT Auditor+ log data from the local server to the consolidation server (if one is present).
• LTSECURE.NLM-LT Auditor+ Security Module. Ensures that the audit log data cannot be accessed or changed by unauthorized users.
• LTAUDIT.NLM-Auditing Engine. The agent that monitors and logs activities on the local server.
• LTASNMP.NLM-LT Auditor+ SNMP Module. Generates SNMP alerts when suspicious activities are detected on the local server.
• LTAIP.NLM-LT Auditor+ TCP/IP Engine. Speeds operation to take advantage of a pure IP environment.

  NOTE: You load the LTAIP.NLM only in a pure IP environment. You load this NLM in addition to the other 5 NLMs. See Step 4 below for instructions on loading the LTAIP.NLM.

To begin the auditing process, you must load the LT Auditor+ NLMs on the server to be audited. To load LT Auditor+ server modules, enter LTASTART and press Enter at the Server Console prompt. This starts LTAUDIT.NLM.

The LT Auditor+ NLMs reside in the LT Auditor+ directory on the server. If the loader does not load these modules successfully, an error message will display on the server screen stating the problem and a possible solution.

If you need to unload the LT Auditor+ NLMs, enter LTASTOP and press Enter.

For further control and configuration, you can use switches with the loader.

NOTE: You load the LTAIP.NLM, if required, using the loader switch /IP.

For more information on loading switches, refer to the "Installing LT Auditor+" chapter in the LT Auditor+ v8.0 for NetWare User Guide. You'll find the guide at: www.bluelance.com

To configure LT Auditor+ v8.0 for NetWare to monitor network activity, perform the following procedure on each server from the LT Auditor+ Management Console:

1. Select Start > Programs > LT Auditor+ > LT Auditor+ for NetWare > Management Console to bring up the LT Auditor+ Management Console.
2. Select the server you wish to configure.
3. Establish Filter Policy statements on the server.
   NOTE: The default policies specify the auditing of all Login and eDirectory activity as well as all file deletions and modifications. If you wish to create custom policies, refer to LT Auditor+ v8.0 for NetWare User Guide for more information.
4. Setup data archive and transfer settings on the server. The archive files contain all the audit trail data collected by LT Auditor+ on the local server. The transfer settings define the transfer of archive files to the consolidation server (if you are using a consolidation server). To setup the archive settings from the Management Console window, click Options > Preferences > Archive settings. To set up data transfer settings, access the data transfer settings window by clicking Option > Preferences > Data Transfer settings.
   NOTE: You can designate any NetWare server that has LT Auditor+ installed as a consolidation server. However, Novell recommends that you dedicate a server for this purpose, particularly for large installations with multiple servers.
5. Distribute the filter policies, and the archive and data transfer settings that you set up in substep 4 above to the other servers in the environment. You do this by exporting the configurations you set up to all the other servers. To export the settings, from the Management Console click on Tools > Export to bring up the export window. Select the configuration parameters to be exported and select all servers that are to receive these parameters. Click the Export button to complete the export process.
6. Switch to the consolidation server and create consolidation jobs to consolidate archived files to a Btrieve database. To do so, from the Management Console, right click mouse > New > Consolidation Job to bring up the Consolidation Job window. Set up the consolidation jobs in this window.

Generating Reports

LT Auditor+ v8.0 for NetWare includes the LT Auditor+ Report Generator that allows you to generate enterprise-wide reports from the database on the consolidation server, using either pre-defined queries or customized reports. You can select from a variety of report formats including Crystal Reports, Word, Excel,
HTML and PDF.

Assigning Authorized Users to Manage LT Auditor+

By default, the user who installs LT Auditor+ is the only user authorized to manage LT Auditor+. To allow other users to manage LT Auditor+, you must add them to the Authorized Users list. To do so, from the Management Console window right click mouse > New > Authorized User. This will display the window in which you add new users to the Authorized Users list.

All Authorized Users must have the following NetWare trustee rights on all servers they manage:

• SUPERVISOR rights to the folder where LT Auditor+ is installed.
• READ rights to the SYS:SYSTEM folder.

© 2002 Novell, Inc. All rights reserved. Novell, the Novell logo and NetWare are registered trademarks of Novell, Inc. in the United States and other countries.

*All other third-party trademarks are the property of their respective owners.