Identity Audit 1.0 supports collecting log events from applications that were supported by the old Novell Audit product and its Platform Agent. Before completing the steps in this section, ensure that your Novell products are supported. For more information, see Section 2.4, Supported Platform Agent Version.
The 32-bits Platform Agent can be downloaded as part of the Novell Audit product.This URL is current for Audit 2.0.2 SP6.
The 64-bits Platform Agent can be downloaded as a standalone client.This URL is current for 2.0.2 SP6.This URL is current for Audit 2.0.2 SP6.
The Platform Agent must be at least the minimum version recommended for Identity Audit. For more information, see Section 2.4, Supported Platform Agent Version. The appropriate Platform Agent (32-bits or 64-bits) must be installed or updated on all event source machines.
The instructions for installing or upgrading the Platform Agent vary slightly by operating system. The sample instructions below are for a 32-bits Linux* Platform Agent.
Download the .iso file for the supported version of Novell Audit to the /tmp directory on the event source machine.
Create a directory for Audit. For example, mkdir -p audit202.
Log in as root.
Mount the Audit .iso file.
mount -o loop ./NAudit202.iso ./audit202
Go to the audit202 directory.
Go to the appropriate directory for the operating system on your event source. For example:
cd Linux
Run pinstall.lin.
./pinstall.lin
Read the license agreement and enter y if you are willing to accept the terms.
Enter P to install the Platform Agent.
Enter Y to keep any previous configurations to the logevent.conf file.
The Platform Agent is installed.
To verify that the Platform Agent version is correct, enter the following command:
rpm -qa | grep AUDT
The version of novell-AUDTplatformagent should be at least the supported version listed in Section 2.4, Supported Platform Agent Version.
After installation, the Platform Agent must be configured to send data to the Identity Audit server and, if desired, to send event signatures from the event sources.
IMPORTANT:Configuring the Platform Agent to generate signatures can negatively impact the performance of the event source machines.
To configure the Platform Agent:
Log into the event source machine.
Open the logevent file for editing. The file is in a different location depending on the operating system:
Linux: /etc/logevent.conf
Windows*: C:\WINDOWS\logevent.cfg
NetWare®: SYS:\etc\logevent.cfg
Solaris*: /etc/logevent.conf
Set LogHost to the IP address of the Identity Audit server.
Set LogEnginePort=1289, if this entry does not already exist.)
If you want the event source to send event signatures, enter LogSigned=always.
Save the file.
Restart the Platform Agent. The method varies by operating system and application. Reboot the machine or refer to the application-specific documentation on the Novell Documentation Web Site for more instructions.
The events for which each application generates records are configured differently for each application monitored by Identity Audit. The URLs below have more information about each application.
SecureLogin (see the Auditing link)