Novell Advanced Audit Service

Novell® Advanced Audit Service (NAAS) lets you audit services running on the network. NAAS uses Novell eDirectory™ for storing policies and configuration information and for managing access to the audited data. By default, NAAS audits eDirectory, the NetWare® Legacy File System (NWFS), and NSS.

NAAS Components

NAAS Agent - Resides on each machine that is hosting the services you want to audit. The agent performs the following tasks:

NAAS Server - Collects the audit records from the NAAS Agents and stores them in the database. The NAAS Server also services queries from the NAAS Utility for reading these audit records and performs the necessary access control.

NAAS Database - Stores the audit records.

NAAS Utility - Provides a user interface for communicating with the audit framework. Using this utility, you can configure the policies, view the policies and also view the audit data stored in the NAAS database.

NAAS Terminology

This section defines commonly used NAAS terms.

NAAS Policies - Set of rules that govern the functioning of the NAAS framework. The NAAS framework comprises NAAS policies that are stored in a NAAS container available just below the partition root in the eDirectory tree, and various components running in the network.

NAAS Agent Policy - Governs the functioning of the NAAS Agent.

NAAS Server Policy - Governs the functioning of the NAAS Server.

NAAS Event - Occurrence of an action on an object of interest (Target object).

Target Objects - Objects on which the events are generated.

NAAS Event Policy Template - Identity for the audited service in eDirectory. Every audited service should create its own Event Policy Template in eDirectory. This object contains some information specific to the service such as the service identifier, version, and list of events exposed by the service.

NAAS Event Policy - Is specific to an audited service and is created based on the Event Policy Template. This policy defines which events are to be audited and which are not. It specifies the action to be taken when an audit event occurs, and also how data policies should be evaluated for a particular event. The NAAS Agent filters the events generated by an audited service based on the event policy.

NAAS Data Policy - Every event has some data associated with it, such as who was the perpetrator of the event and on which machine the event occurred. Based on this data, NAAS Data policies define which events are to be audited and which are not. There are various types of data policies such as NAAS User Policy, NAAS Source Machine Policy, NAAS Target Machine Policy and NAAS File Policy. The NAAS Agent evaluates the data policies together with the event policy and accordingly decides if the event is to be audited or not.

NAAS Search Criteria Policy - A set of rules specifying how the NAAS Agent may search for a NAAS Policy for a particular audited object. Audit Policies can be associated directly at an object, at a parent container, or at a group which the object belongs to.

Associated Policies - A NAAS policy can be associated directly to an object, to one of its parent containers, or to one of the groups to which the object belongs.

Effective Policy - When an Audited Service generates an event, the NAAS Agent processes it based on the effective policy set for that Agent and decides what is to be done with the event. When the NAAS framework searches for the policy applicable to an object, it must know the order in which to search the object, container and group for the policy. The search order and the level are provided by the Search Criteria policy.
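The lookup described under Search Criteria Policy and Effective Policy can be modeled as follows. This is an added sketch, not NAAS code: the object names and associations are constructed, and it assumes that "level" means how many parent containers may be climbed and that the first association found wins. It also lists objects for which the search finds no policy at all, which is the case worth checking when reviewing audit coverage.

```python
# Added illustration: simplified model of effective-policy lookup.
# Function names, sample DNs and the meaning of "level" are assumptions, not NAAS internals.

def parent_containers(dn):
    """'cn=bob.ou=hr.o=acme' -> ['ou=hr.o=acme', 'o=acme'] (nearest first)."""
    parts = dn.split(".")
    return [".".join(parts[i:]) for i in range(1, len(parts))]

def effective_policy(dn, groups, associations, search_order, level):
    """Return (policy, where_found) for the first association hit, else (None, None).

    associations: {object, container or group DN: policy name}
    search_order: sequence of 'object', 'container', 'group'
    level: assumed to be the number of parent containers that may be climbed
    """
    for location in search_order:
        if location == "object":
            candidates = [dn]
        elif location == "container":
            candidates = parent_containers(dn)[:level]
        elif location == "group":
            candidates = list(groups.get(dn, []))
        else:
            raise ValueError(f"unknown search location: {location}")
        for candidate in candidates:
            if candidate in associations:
                return associations[candidate], candidate
    return None, None

# Constructed sample tree: policy associations and group membership.
ASSOCIATIONS = {
    "o=acme": "org-baseline",
    "cn=auditors.o=acme": "auditor-group-policy",
    "cn=payroll.ou=hr.o=acme": "payroll-strict",
}
GROUPS = {"cn=bob.ou=hr.o=acme": ["cn=auditors.o=acme"]}

def unaudited(objects, search_order, level):
    """Objects for which the search finds no policy: candidates for a coverage review."""
    return [o for o in objects
            if effective_policy(o, GROUPS, ASSOCIATIONS, search_order, level)[0] is None]

if __name__ == "__main__":
    bob = "cn=bob.ou=hr.o=acme"
    print(effective_policy(bob, GROUPS, ASSOCIATIONS, ["group", "container"], 2))
    print(unaudited([bob, "cn=payroll.ou=hr.o=acme"], ["object", "container"], 1))
```

Changing only the search order or the level changes which policy an object resolves to, so the same set of associations can yield different audit coverage.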

NAAS Reports - NAAS reports provide the details of all the audited events that satisfy the criteria set based on target objects, filters, and dates.

Auditor - User responsible for viewing NAAS reports.

Filters - Filters can be used to filter the data stored in the audit database for viewing the reports. The types of filters are filter sets, event filters and data filters.

Figure: The NAAS Framework

The above diagram depicts a sample setup of NAAS deployed in a network. Here, NAAS Agent is running on all servers, NAAS Server is running on two of the servers and both these servers are using the same database to store the audit records. The database can be any of the supported databases like MySQL*, Oracle*, and Pervasive* running on any platform. ConsoleOne can be used for running the NAAS utility on the Windows* client.