Configuring eDirectory Instrumentation



By: palaniappan1

June 18, 2009 4:07 pm

Reads: 358

Comments:1

Rating:0

This cool solution is to help the users configure the eDirectory instrumentation (available with eDirectory 8.8 SP5) with the new Sentinel Platform Agent.

Prerequisites:

Install eDirectory Instrumentation: The steps for installing and un-installing eDirectory instrumentation can be found here.

Understanding the Log Schema (LSC) file: The Log Schema file defines the framework for logging information. LSC file contains information like, Event IDs, Group IDs, Event Description, etc.

The Sentinel Server uses log schemas to create localized, human-readable log files.

Following is the schema for each event:

EventID, Description, Originator Title, Target Title, SubTarget Title, Text1 Title, Text2 Title, Text3 Title, Value1 Title, Value1 Type, Value2 Title, Value2 Type, Value3 Title, Value3 Type, Group Title, Group Type, Data Title, Data Type, Display Schema

The Log Schema file for the eDirectory instrumentation is the edir_en.lsc file, which is bundled with the eDirectory instrumentation package on all the platforms.

Sample from the edir_en.lsc file:

000B0001,Create Object,Perpetrator,Object DN,Class,,,Tree Name,,,,,,,Transaction Number,N,,,[$rC] [$SO]: A new eDirectory object called $SU (Class: $SY) was created by $SB\r\n

000B0002,Delete Object,Perpetrator,Object DN,Class,,,Tree Name,,,,,,,Transaction Number,N,,,[$rC] [$SO]: Object $SU (Class: $SY) was deleted by $SB\r\n

000B0003,Rename Object,Perpetrator,Object DN,New Object DN,,Class,Tree Name,,,,,,,Transaction Number,N,,,[$rC] [$SO]: Object $SU (Class: $ST) was renamed to $SY by $SB\r\n

More information on the LSC files can be found at: http://developer.novell.com/documentation/novlaudit/novaudit/data/brg0waf.html#brg0ygf

Configuration:

  1. Extend the eDirectory instrumentation schema with the ediraudit.sch file, which is available with the directory instrumentation installables on all the platforms through utilities like ndssch, ldapmodify or ICE.

    Examples:

    #ndssch -t MY-TREE admin.org /opt/novell/eDirectory/lib/nds-schema/ediraudit.sch
    #ice -S SCH -f /opt/novell/eDirectory/lib/nds-schema/ediraudit.sch -D LDAP -s  -d cn=admin,o=org -w password
  2. Choose the desired eDirectory events to audit using iManager.
    • Download and Install Novell Audit iManager plug-in at http://download.novell.com/Download?buildid=3HrXxSv7t-g~
    • Open the event selection tab
      eDirectory Administration -> Modify Object -> Select the NCP Server Object (where eDirectory instrumentation is installed) -> Novell Audit tab -> eDirectory tab (as shown in the following screen shot) and select which ever events you want to audit by checking the check boxes. Once you are done, click ‘Apply’.

  3. Load/Unload eDirectory instrumentation as follows:
    1. On Linux / Solaris:

      • ndstrace -c “load auditds” (Linux/Solaris)
      • ndstrace -c “unload auditds” (Linux/Solaris)

      Note: To automatically load eDirectory instrumentation every time eDirectory is started, add the following line in /etc/opt/novell/eDirectory/conf/ndsmodules.conf

      auditds auto #eDirectory Instrumentation

    2. On Windows:
      • Navigate to Start -> Control Panel -> Novell eDirectory Services
      • Select Services.
      • Click on nauditdls.dlm and then click Start (to start) and click stop (to stop).
      • Click OK.
      • Note: To automatically load eDirectory instrumentation every time eDirectory is started, click on nauditdls.dlm and then click Startup. Enable the Automatic option by clearing the check box and click OK..

  4. If the Sentinel Platform Agent is not already configured, then edit the Sentinel Platform Agent configuration file (logevent.cfg) and the properties file (eDirInst.properties) . These files will be installed as part of the Sentinel Platform agent..These files will be located at /etc/opt/novell/sentinelpa/conf (on Linux and solaris). These files have options to set the events that can / can not be logged in, the location where the log file to be present etc.
  5. Once all these settings are done and the eDirectory operations start happening, the corresponding events (with details as per the Log Schema File) will be logged in to the Sentinel Platform Agent log file.

Troubleshooting:

Problem Possible Reason(s)
Not able to view the events from the Sentinel Platform Agent Log File present in the default location. Check the eDirInst.properties file for the location of the file, as it could have been customized.
Not able to see the eDirectory events
  1. eDirectory instrumentation may not have been loaded
  2. Events are not selected using iManager
  3. Platform Agent configuration might be blocking those specific events.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags:
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

1 Comment

  1. By:denchris

    Install eDirectory Instrumentation: The link on HERE is broken.

Comment