You can configure Access Manager to send audit events to Analytics Server. If you require to use any other server for auditing instead of Analytics Server, configure Access Manager to send audit events to Sentinel server, syslog server, or Novell Audit Server (on upgraded systems only).
In addition to the selectable events, device-generated alerts are automatically sent to the audit server. These Management Communication Channel events have an ID of 002e0605. All Access Manager events begin with 002e.
For information about audit event IDs and field data, see Section 31.17, Access Manager Audit Events and Data.
Access Gateway supports sending e-mail notification to system administrators. To configure this setting, click Devices > Access Gateways > Edit > Alerts.
NOTE:The eDirectory audit configuration remains unchanged even after you upgrade to the latest version of Access Manager. To fetch eDirectory audit events, manually unload and re-load the audit modules. Perform this activity each time you start eDirectory.
To install and enable eDirectory packages, see Installing Novell Audit Packages in the eDirectory 8.8 SP8 Administration Guide.
By default, Access Manager is configured to use the syslog server. If you install more than one instance of Administration Console for failover, the syslog server is installed with each instance. However, if you use a third-party syslog server, you can configure Access Manager to use your audit server. If you are using Analytics Server, you can configure Access Manager to use Analytics Server’s in-built audit server.
Access Manager allows you to specify only one audit server. The failover works even if the audit server is not reachable. The failover mechanism changes based on the type of logging:
File-based: Does not require a failover mechanism.
Syslog: The events are sent to a local file. The syslog client must be configured for failover. For more information, see the third-party syslog server documentation.
You can also configure Access Manager to send the events to Sentinel server or Sentinel Log Manager server if you have installed these products.
This section includes the following topics: