4.5 Analytics Server Configuration

This section describes the configuration settings that affects the Analytics server, such as changing its name, updating the health status from the server, and restarting it.

4.5.1 Managing Analytics Server

The following sections contain information about settings available with Analytics Server, changing the settings, and their impact on users:

Viewing Server Settings

Use the Analytics Servers page to view the status of Analytics Server, to view the health, and to perform other actions such as creating a cluster or stopping, refreshing, and starting Analytics Server.

  1. Click Devices > Analytics Server.

  2. Select one of the following:

    Analytics-Cluster: To create a new cluster of Analytics Server, click Analytics-Cluster. A cluster can be one or more Analytics Server machines.

    For configuration information, see Configuring Analytics Server.

    Stop: To stop an Analytics Server, select the server, then click Stop. You must have physical access to the Analytics Server machine to start it again.

    Restart: To reboot an Analytics Server machine, select the machine name, then click Restart. Analytics Server is stopped, the operating system reboots, then the machine is started.

    Refresh: To update the list of Analytics Server machines and the status columns (Status, Health), click Refresh.

  3. To perform the delete action available in the Actions drop-down menu, select Analytics Server, then select the following:

    Delete: To remove the selected Analytics Server from the list of servers that can be managed from this Administration Console. If that Analytics Server is a member of a cluster, you must first disable the cluster configuration before you can delete it.

    IMPORTANT:When an Analytics Server is deleted from an Administration Console, you can no longer manage it. To access it again or to access it from another Administration Console, you must manually import Analytics Server by running reimport_ar.sh in the /opt/novell/nam/scripts directory. For more information about re-importing Analytics Server, see Section 4.5.7, Importing Analytics Server.

  4. Use the following to manage an Analytics Server machine or a cluster.

    Name: Displays a list of Analytics Server machines and the clusters that can be managed from Administration Console.

    • To view or modify the general details of a particular server, click the name of the server.

    • To view or modify general details of a cluster, click the name of the cluster.

    Status: Indicates the configuration status of the clusters and Analytics Server. Possible states are pending, update, current, and update all. For more information, see Configuration Options.

    Health: Indicates whether an Analytics Server machine or a cluster is functional. Click the icon to view additional information about the operational status of an Analytics Server.

    Commands: Indicates the status of the last executed command and whether any commands are pending. Click the link to view more information. For more information, see Section 23.3, Viewing the Command Status of the Analytics Server.

Configuration Options

  1. In Administration Console Dashboard, click Devices > Analytics Server.

  2. View the Status column and make changes as necessary.

    Status

    Description

    Current

    Indicates that all configuration changes are applied.

    Update

    Indicates that a configuration change is made, but not applied. To apply the changes, click the Update link.

    Update All

    This link is available when a server belongs to a cluster. You can select to update all the servers at the same time, or you can select to update them one at a time. We recommend that you update the servers one at a time.

    Update

    If there is an error when you update the server, the Update link is disabled and the Configuration Error icon is displayed.

    Update All

    If there is an error when you click Update All, the member Update links are disabled and the Configuration Error icon is displayed.

    Pending

    Indicates that the server is processing a configuration change, but has not completed the process.

  3. Configure Analytics Server settings by using the steps mentioned in Section 4.5.5, Configuring Analytics Server.

NOTE:To view the graphs on Analytics dashboard you must enable the respective events in Identity Server and Access Gateway. For information about enabling required events, see Section 18.5, Enabling Events for Each Graph.

4.5.2 Managing General Details of Analytics Server

The Server Details page allows you to perform general maintenance action on the selected Analytics Server.

  1. Click Devices > Analytics Server > [Name of Analytics Server].

  2. Click Edit.

    To edit the general details of Analytics Dashboard, see Changing the Name of an Analytics Server and Modifying Other Server Details.

  3. Click Close.

Changing the Name of an Analytics Server and Modifying Other Server Details

The default name of an Analytics Server is its IP address. You can change this to a more descriptive name and modify other details that can help you identify one Analytic Server from another.

  1. Click Devices > Analytics Server > [Name of Analytics Server] > Edit.

  2. Modify the values in the following fields:

    Name: Specify the Administration Console display name for Analytics Server. This is a mandatory field. The default name is the IP address of Analytics Server. If you modify the name, the name must include alphanumeric characters and can include spaces, hyphens, and underscores.

    Management IP Address: Specify the IP address that is used for managing Analytics Server.

    It is recommended not to change this IP address.

    Port: Specify the port to use for communication with the Administration Console.

    Location: Specify the location of Analytics Server. This is optional, but useful if your network has multiple Analytics Server machines.

    Description: Describe the purpose of this Analytics Server. This is optional, but useful if your network has multiple Analytics Server.

  3. Click OK > Close.

    When you click OK, changes are immediately applied to Analytics Server.

4.5.3 Analytics Server Cluster Configuration

To use the cluster with high availability, you must perform the steps mentioned for Deploying Analytics Server for High Availability in NetIQ Access Manager 4.3 Installation and Upgrade Guide.

NOTE:After following the steps for deploying Analytics Server for high availability, you can view both Active and Standby nodes. To use Analytics Server in high availability mode, you must enable cluster configuration in Administration Console.

There can be only two servers in an Analytics Server high availability cluster. Both servers will use the virtual IP address that you create after installing Analytics Server in cluster mode. This IP address is an external IP address for Analytics server.

The following sections describe how to set up and manage a cluster of Analytics Server.

4.5.4 Managing Details of a Cluster

  1. Click Devices > Analytics Server > Analytics-Cluster.

  2. Specify the following details:

    Cluster Name: Specify a display name for the cluster.

    Primary Server: Specify the IP address of the primary server. The Access Manager reports and Analytics Dashboard are displayed from this server.

    NOTE:When you change the IP address in Primary Server, the Secure Logging Server settings are changed. Hence, you must configure Syslog for auditing again. For more information about configuring the settings, see Section 19.1.2, Configuring Syslog for Auditing.

  3. In the Server Name list, select the server that you want to add as a member of the cluster.

    You can create a cluster of one additional server.

    When you add a server to the cluster, it adds about 30 seconds to the time it takes to configure the cluster because certificates must be synchronized and configuration options must be sent to that server.

  4. Click OK.

4.5.5 Configuring Analytics Server

The configuration page allows you to view the configuration of a cluster or an Analytics Server machine.You can specify the log level and also configure the geolocation provider either for a particular server or for a cluster. The Analytics server uses this information to generate logs and reports.

To configure the settings for Analytics Server or a cluster, perform the following in Administration Console:

  1. Click Devices > Analytics Server.

  2. In the cluster row, click Edit.

  3. In the Log level field, select the required log level from the list.

    Log level

    Description

    severe

    Sends only messages that render the system unusable, if they are not resolved.

    warning

    Sends warning messages.

    info

    Sends informational messages such as requests sent to Web servers and the results of authentication requests.

    debug

    Sends debug messages

  4. In the Geolocation Provider field, click the edit icon.

  5. Select Enable Location Profiling to fetch location data from a geolocation database. This helps to identify the location of the user based on the IP address details.

  6. Select a Geolocation Provider. The available options are:

    Database

    Details

    Neustar Service

    • Specify the API Key and API Secret.

    • Specify the Web Service URL.

    Custom Provider

    • Specify a name to identify the provider.

    • Specify the fully qualified name of the JAVA class.

    • Click Add Property to add properties to the custom class.

    Analytics Dashboard uses this detail to plot the Geolocation of Users graph.

  7. (Conditional) If you have deployed Analytics Server for high availability, then in the Cluster Configuration section, set the Clustering is Configured: field to Yes and specify the same virtual IP address in the Cluster’s Virtual IP: field that you had specified during installation. For more information, refer NetIQ Access Manager 4.3 Installation and Upgrade Guide.

    NOTE:You cannot disable the high availability configuration. Even when you set the Clustering is Configured: field to No, the cluster configuration for active and standby nodes remains unchanged.

    When you set this field to No, the virtual IP address is not used and you have to change the server details for auditing. For more information about changing the server details for auditing, see Section 19.1.1, Specifying the Logging Server and Console Events.

4.5.6 Forwarding Events from Sentinel Server to Analytics Server

If you have an existing audit server as Sentinel Server and require a graphical view of Access Manager events by using Analytics Dashboard, then you can forward the audit events from Sentinel Server to Analytics Server by using Sentinel link connector.

When Analytics Server is installed and configured, Access Manager displays the following message:

Analytics Server will be functional only when it is set as the Audit Server.

If you want to continue using Sentinel server as the audit server, then you can ignore this message. To view the graphical view of the audit events in Analytics Dashboard you can perform the following steps:

To forward the events you must perform the following:

  1. Configure Analytics Server to receive events.

    1. Log in to Access Manager Administration Console

    2. Click Devices > Analytics Server > Reports

    3. Log in to Analytics Server with the Analytics Server administrator credentials

    4. Click admin > Applications

    5. Click Launch Control Center

    6. Click Event Source Management > Live view

    7. Click on the Table tab, then click the expand symbol (+) next to Sentinel

    8. Right click Sentinel Server, then click Add Event Source Server

    9. Select Sentinel Link from the installed connectors list, then click Next

    10. Configure network settings by specifying Port Number for Event Source Server, then click Next. The default port is 1290

    11. Continue with the default configuration for Security and Auto Configuration

    12. In the General dialog box, select the Run icon

      This allows the connector to run on 1290 so that Sentinel Server can connect with Analytics Server.

    13. Click Finish

    14. Click the expand symbol (+) next to Sentinel Server and verify if the status of Sentinel Link Server All:<port number> is On

  2. Configure Sentinel Server to send events to Analytics Server.

    1. Update the latest NetIQ Access Manager Collector in Sentinel Server

    2. Log in to the Sentinel Control Center with administrator rights

    3. Click the Configuration tab to enable Configuration on the menu bar

    4. Click Configuration, then select Integrator Manager

    5. Click the Add Integrator (+) icon to configure Integrator plug-in

    6. Select the Sentinel Link Integrator from the Select Integrator drop-down list

    7. Specify a name for the integrator in the Name field

    8. Click Next

    9. In the Server Configuration dialog box, specify the Host Name as the IP address of Analytics Server

    10. Specify the port number to connect to Analytics Server

      The default port is 1290.

    11. Click Next to continue with the default configurations, then click Test configuration to verify the connection is successful.

    12. Click OK > Finish

  3. Add an Action by using Sentinel Action Manager

    1. Navigate to control center > configuration > Action Manager

    2. Click Add

    3. In the Configure Action dialog box, specify the following:

      • Action Name: any name

      • Action: Sentinel Link

      • Name: Integrator

      • Value: Select the same integrator name that you have specified in Step 2.g.

    4. Click Save

  4. In Sentinel Server, create a routing rule to enable default routing that sends events automatically to Analytics Server

    1. Log in to Sentinel Server

    2. On the main menu, click Routing

    3. Click Edit next to Forward Events To Another Sentinel System

    4. Specify the following:

      • Criteria: (((sev:[0 TO 5]) NOT st:"I" NOT st:"A" NOT st:"P") AND ("NIDS\: User session was authenticated" OR evt:"NIDS\: Risk based authentication action for user" OR rv40:"002E0606" OR rv40:"002E0525" OR rv40:"002E001F" OR rv40:"002E0029" OR rv40:"002E0514" OR rv40:"002E0102" OR rv40:"002E000C"))

      • Route to the following services: All

      • Perform the following actions: Specify the action name that you specified during the configuration of Action Manager in Step 3.

    5. Click Save

    Ensure that the routing rule is enabled.

4.5.7 Importing Analytics Server

If you want to import Analytics Server to any Administration Console, you must run the re-import script on the required Analytics Server.

To import or re-import Analytics Server to a specific Administration Console, perform the following on the required Analytics Server:

  1. Go to the directory: /opt/novell/nam/scripts

    cd /opt/novell/nam/scripts

  2. Run the sh reimport_ar.sh script and enter the details against the followingprompts:

    1. Choose a local listener IP address [x.x.x.x]:

    2. (Optional) Choose a local NAT IP address [optional]:

    3. Choose Administration Console’s IP address []:

      Specify the IP address of the Administration Console on which you want to import the Analytics Server.

    4. Enter Admin User’s DN [cn=admin,o=novell]:

    5. Enter Admin Password: *****

  3. Wait for few minutes for the configuration to finish.