2.1 Installing eDirectory and XDASv2

2.1.1 XDASv2 Files Installed with eDirectory

The following eDirectory XDASv2 files are, by default, installed as part of eDirectory.

  • Linux

    • novell-edirectory-xdaslog

    • novell-edirectory-xdaslog-conf

    • novell-edirectory-xdasinstrument

  • Windows

    • xdasauditds.dlm

    • xdaslog.dll

NOTE: From the OES 11 SP2 release, the XDAS RPMs are bundled with Open Enterprise Server.

2.1.2 Upgrading iManager Plugins For XDASv2

You can upgrade the iManager Audit plugins to the latest version.

  1. Log in to the iManager console.

    1. Open iManager from a Web browser, using the following URL:

      https://ip_address_or_DNS/nps/iManager.html
      

      where ip_address_or_DNS is the IP address or DNS name of your iManager server.

      For example:

      http://192.168.0.5/nps/iManager.html
      
    2. Log in using your username and password.

      In iManager, you have access only to those roles for which you have assigned rights. To have full access to all NetIQ iManager features, you must log in as a user with Admin rights to the tree.

      For more information, see Accessing iManager in the NetIQ iManager 2.7 Administration Guide.

  2. Select Audit Configuration from Roles and Tasks.

  3. Click the Upgrade XDAS Configuration link.

    An alert message about the upgrade process is displayed.

  4. Click Ok.

    During upgrade, new iManager files are installed and they cause configuration changes. After the upgrade completes, a message is displayed stating the success or failure status of the installation.

2.1.3 Configuring the XDASv2 Property File

When you install eDirectory, the installer lays down the xdasconfig.properties.template file in the configdir (n4u.server.configdir) directory.

Table 2-1 lists the default location of the xdasconfig.properties file on each operating system.

Table 2-1 XDAS Configuration File

  Operating System   File
  ----------------   ----
  Linux              /etc/opt/novell/eDirectory/conf/xdasconfig.properties
                     For non-root installations, the XDASv2 property file is located in the conf directory.
  Windows            <Install Path>/novell/nds/xdasconfig
                     The property file is usually in the eDirectory installation directory.

If you configure the property file and then upgrade your environment to eDirectory 8.8 SP7, the installer does not replace it. Instead, it updates the template file (xdasconfig.properties.template) so that your customizations are retained.

After you install iManager, you can configure XDAS. The XDAS configuration settings are stored in a simple text-based xdasconfig.properties configuration file. You can customize the file according to your requirements.

The following is the content of the XDASv2 property file:

Linux

# Set the level of the root logger to DEBUG and attach appenders.
#log4j.rootLogger=debug, S, R
# Defines appender S to be a SyslogAppender. 
#log4j.appender.S=org.apache.log4j.net.SyslogAppender
# Defines location of Syslog server.
#log4j.appender.S.Host=localhost
#log4j.appender.S.Port=port
# Specify protocol to be used (UDP/TCP/SSL)
#log4j.appender.S.Protocol=UDP
# Specify SSL certificate file for SSL connection.
# File path should be given with double backslash.
#log4j.appender.S.SSLCertFile=/etc/opt/novell/mycert.pem
# Minimum log-level allowed in syslog.
#log4j.appender.S.Threshold=INFO
# Defines the type of facility.
#log4j.appender.S.Facility=USER
# Defines caching for SyslogAppender.
# Inputs should be yes/no
#log4j.appender.S.CacheEnabled=no
# Cache location directory
# Directory should be available for creating cache files
#log4j.appender.S.CacheDir=/var/opt/novell/eDirectory
# Cache File Size
# Cache File Size should be in the range of 50MB to 4000MB
#log4j.appender.S.CacheMaxFileSize=500MB
# Layout definition for appender Syslog S.
#log4j.appender.S.layout=org.apache.log4j.PatternLayout
#log4j.appender.S.layout.ConversionPattern=%c : %p%m%n
# Defines appender R to be a Rolling File Appender.
#log4j.appender.R=org.apache.log4j.RollingFileAppender
# Log file for appender R.
#log4j.appender.R.File=/var/opt/novell/eDirectory/log/xdas-events.log
# Max size of log file for appender R.
#log4j.appender.R.MaxFileSize=100MB
# Set the maximum number of backup files to keep for appender R.
# Max can be 13. If set to zero, then there will be no backup files.
#log4j.appender.R.MaxBackupIndex=10
# Layout definition for appender Rolling log file R.
#log4j.appender.R.layout=org.apache.log4j.PatternLayout
#log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c : %p%m%n

Windows

# Set the level of the root logger to DEBUG and attach appenders.
#log4j.rootLogger=debug, S, R
# Defines appender S to be a SyslogAppender. 
#log4j.appender.S=org.apache.log4j.net.SyslogAppender
# Defines location of Syslog server.
#log4j.appender.S.Host=localhost
#log4j.appender.S.Port=port
# Specify protocol to be used (UDP/TCP/SSL)
#log4j.appender.S.Protocol=UDP
# Specify SSL certificate file for SSL connection.
# File path should be given with double backslash.
#log4j.appender.S.SSLCertFile=C:\\Novell\\mycert.pem
# Minimum log-level allowed in syslog.
#log4j.appender.S.Threshold=INFO
# Defines the type of facility.
#log4j.appender.S.Facility=USER
# Defines caching for SyslogAppender.
# Inputs should be yes/no
#log4j.appender.S.CacheEnabled=no
# Cache location directory
# Directory should be available for creating cache files
#log4j.appender.S.CacheDir=C:\\Novell\\NDS
# Cache File Size
# Cache File Size should be in the range of 50MB to 4000MB
#log4j.appender.S.CacheMaxFileSize=500MB
# Layout definition for appender Syslog S.
#log4j.appender.S.layout=org.apache.log4j.PatternLayout
#log4j.appender.S.layout.ConversionPattern=%c : %p%m%n
# Defines appender R to be a Rolling File Appender.
#log4j.appender.R=org.apache.log4j.RollingFileAppender
# Log file for appender R.
#log4j.appender.R.File=/var/opt/novell/eDirectory/log/xdas-events.log
# Max size of log file for appender R.
#log4j.appender.R.MaxFileSize=100MB
# Set the maximum number of backup files to keep for appender R.
# Max can be 13. If set to zero, then there will be no backup files.
#log4j.appender.R.MaxBackupIndex=10
# Layout definition for appender Rolling log file R.
#log4j.appender.R.layout=org.apache.log4j.PatternLayout
#log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c : %p%m%n

Table 2-2 XDASv2 Property File

  Options                ID
  -------                --
  Syslog Appender        S
  Rolling File Appender  R

The entries in the xdasconfig.properties file are not case sensitive, entries can appear in any order, empty lines are valid, and any line that starts with a hash (#) is commented out.

The following table provides an explanation of each setting in the xdasconfig.properties file.

IMPORTANT: You must restart eDirectory any time you make a change to the configuration.

Table 2-3 XDAS Settings

  Setting
    Description

  log4j.rootLogger=debug, S, R
    Sets the level of the root logger to debug and attaches an appender named R or S, where S specifies a Syslog appender and R specifies a Rolling File appender.

  log4j.appender.S=org.apache.log4j.net.SyslogAppender
    Specifies the appender S to be a Syslog appender.

  log4j.appender.S.Host=localhost
    Specifies the location of the Syslog server where XDAS events are logged.
    For example, log4j.appender.S.Host=192.168.0.1

  log4j.appender.S.Port=port
    The port at which XDAS connects to the Syslog server.
    The port supports values from 1 to 65535. If you specify an invalid value, the port defaults to 514.
    If the connection between XDAS and the Syslog server fails, Identity Manager cannot log events until the connection is restored.

  log4j.appender.S.Protocol=UDP
    Specifies the protocol to use: UDP, TCP, or SSL.

  log4j.appender.S.SSLCertFile=/etc/opt/novell/mycert.pem
    Specifies the SSL certificate file for the SSL connection. Use double backslashes to specify the path of the file. This setting is optional.

  log4j.appender.S.Threshold=INFO
    Specifies the minimum log level allowed in the Syslog appender. Currently, only the INFO log level is supported.

  log4j.appender.S.Facility=USER
    Specifies the type of facility. The facility is used to try to classify the message. Currently, only the USER facility is supported. The value may be specified in upper or lower case.

  log4j.appender.S.layout=org.apache.log4j.PatternLayout
    Layout setting for the Syslog appender.

  log4j.appender.S.layout.ConversionPattern=%c : %p%m%n
    Layout setting for the Syslog appender. For information about the conversion patterns and their descriptions, see logging.apache.org.

  log4j.appender.R=org.apache.log4j.RollingFileAppender
    Specifies appender R to be a Rolling File appender.

  log4j.appender.R.File=/var/opt/novell/eDirectory/log/xdas-events.log
    The location of the log file for a Rolling File appender.

  log4j.appender.R.MaxFileSize=100MB
    The maximum size, in MB, of the log file for a Rolling File appender. Set this value to the maximum size that the client allows.

  log4j.appender.R.MaxBackupIndex=10
    Specifies the maximum number of backup files for a Rolling File appender. The maximum number of backup files can be 10. A zero value means no backup files.

  log4j.appender.R.layout=org.apache.log4j.PatternLayout
    Layout setting for the Rolling File appender.

  log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c : %p%m%n
    Layout setting for the Rolling File appender. See Table 2-4 for simple date format patterns.
    For information about the conversion patterns and their descriptions, see logging.apache.org.
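As an added example (not NetIQ's code), the following Python script checks an xdasconfig.properties file against the rules stated in Table 2-3 before eDirectory is restarted: every appender named on log4j.rootLogger must have its entries uncommented, the port must be in 1-65535 (otherwise XDAS falls back to 514), the protocol must be UDP, TCP or SSL, an SSL connection needs SSLCertFile, a cache size must be 50MB-4000MB, and MaxBackupIndex must be 0-10. The key names come from this page; the sample configuration embedded in the script is constructed.

```python
"""Check an xdasconfig.properties file against the rules in Table 2-3.
Added example, not NetIQ code; SAMPLE_SYSLOG below is constructed."""
import re
import sys

VALID_PROTOCOLS = {"UDP", "TCP", "SSL"}
SIZE_RE = re.compile(r"^(\d+)MB$", re.IGNORECASE)


def parse_properties(text):
    """Return {key: value} for the active (uncommented) entries. Keys are not
    case sensitive (per the page) and are stored lower-cased; values keep
    their case because Linux paths are case sensitive."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip().lower()] = value.strip()
    return props


def check_syslog(p):
    """Findings for appender S (Syslog)."""
    out = []
    if "log4j.appender.s.host" not in p:
        out.append(("error", "Syslog appender S has no Host"))
    port = p.get("log4j.appender.s.port", "")
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        out.append(("warning", f"Port {port!r} is not in 1-65535; XDAS falls back to 514"))
    proto = p.get("log4j.appender.s.protocol", "").upper()
    if proto not in VALID_PROTOCOLS:
        out.append(("error", f"Protocol {proto!r} is not one of UDP, TCP, SSL"))
    elif proto == "SSL" and "log4j.appender.s.sslcertfile" not in p:
        out.append(("error", "Protocol is SSL but SSLCertFile is commented out or missing"))
    elif proto == "UDP":
        out.append(("info", "UDP syslog is unacknowledged: dropped audit events leave no trace"))
    if p.get("log4j.appender.s.threshold", "INFO").upper() != "INFO":
        out.append(("warning", "Only the INFO threshold is supported"))
    if p.get("log4j.appender.s.facility", "USER").upper() != "USER":
        out.append(("warning", "Only the USER facility is supported"))
    if p.get("log4j.appender.s.cacheenabled", "no").lower() == "yes":
        m = SIZE_RE.match(p.get("log4j.appender.s.cachemaxfilesize", ""))
        if not m or not 50 <= int(m.group(1)) <= 4000:
            out.append(("error", "CacheMaxFileSize must be between 50MB and 4000MB"))
    return out


def check_rolling(p):
    """Findings for appender R (Rolling File)."""
    out = []
    if "log4j.appender.r.file" not in p:
        out.append(("error", "Rolling File appender R has no File"))
    if not SIZE_RE.match(p.get("log4j.appender.r.maxfilesize", "")):
        out.append(("warning", "MaxFileSize should be written as <n>MB, for example 100MB"))
    idx = p.get("log4j.appender.r.maxbackupindex", "")
    if not (idx.isdigit() and int(idx) <= 10):
        out.append(("warning", f"MaxBackupIndex {idx!r} is outside 0-10 (the limit in Table 2-3)"))
    elif int(idx) == 0:
        out.append(("info", "MaxBackupIndex=0: the log is truncated at MaxFileSize, so earlier audit events are lost"))
    return out


def validate(text):
    """Return a list of (severity, message); an empty list means no findings."""
    p = parse_properties(text)
    root = p.get("log4j.rootlogger")
    if root is None:
        return [("error", "log4j.rootLogger is commented out: no appender is attached, so nothing is audited")]
    appenders = [a.strip().upper() for a in root.split(",")[1:] if a.strip()]
    findings = []
    if not appenders:
        findings.append(("error", "log4j.rootLogger names no appender"))
    for a in appenders:
        if f"log4j.appender.{a.lower()}" not in p:
            findings.append(("error", f"Appender {a} is attached but log4j.appender.{a} is commented out"))
    if "S" in appenders and "log4j.appender.s" in p:
        findings += check_syslog(p)
    if "R" in appenders and "log4j.appender.r" in p:
        findings += check_rolling(p)
    return findings


# Constructed sample: Syslog appender enabled, the template's "port" placeholder
# left in place, and SSL selected while SSLCertFile is still commented out.
SAMPLE_SYSLOG = """\
log4j.rootLogger=debug, S
log4j.appender.S=org.apache.log4j.net.SyslogAppender
log4j.appender.S.Host=10.0.0.5
log4j.appender.S.Port=port
log4j.appender.S.Protocol=SSL
#log4j.appender.S.SSLCertFile=/etc/opt/novell/mycert.pem
log4j.appender.S.Threshold=INFO
log4j.appender.S.Facility=user
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SYSLOG
    for severity, message in validate(text):
        print(f"{severity.upper():8} {message}")
```

Run it with the path of the property file as the only argument; without an argument it reports on the constructed sample, which yields a warning for the placeholder port and an error for the missing certificate file.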

The following examples illustrate the date and time patterns as interpreted in the U.S. The given date and time are 2012-07-04 12:08:56 local time in the U.S. Pacific Time zone.

Table 2-4 Date and Time Pattern Example

  Date and Time Pattern                 Result
  ---------------------                 ------
  "yyyy.MM.dd G 'at' HH:mm:ss z"        2012.07.04 AD at 12:08:56 PDT
  "EEE, MMM d, ''yy"                    Wed, Jul 4, '01
  "h:mm a"                              12:08 PM
  "hh 'o''clock' a, zzzz"               12 o'clock PM, Pacific Daylight Time
  "K:mm a, z"                           0:08 PM, PDT
  "yyyyy.MMMMM.dd GGG hh:mm aaa"        02012.July.24 AD 12:08 PM
  "EEE, d MMM yyyy HH:mm:ss Z"          Wed, 24 Jul 2012 12:08:56 -0700
  "yyMMddHHmmssZ"                       120724120856-0700
  "yyyy-MM-dd'T'HH:mm:ss.SSSZ"          2012-07-04T12:08:56.235-0700
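The conversion pattern and the date patterns above are what a collector has to reverse when it reads xdas-events.log. As an added example (not NetIQ's code), the following Python parser compiles a PatternLayout ConversionPattern such as the R appender's %d{MMM dd HH:mm:ss} %c : %p%m%n into a regular expression plus a strptime format, supplies the year that this default date pattern lacks, and counts the parsed events per priority while keeping aside any line that does not match the layout. It maps only the SimpleDateFormat letters used in the patterns on this page; the log lines it contains are constructed, not real XDAS output.

```python
"""Parse lines written by a log4j PatternLayout such as the R appender's.
Added example, not NetIQ code; SAMPLE_LINES are constructed."""
import re
from datetime import datetime

# SimpleDateFormat letters -> strptime directives. Longer tokens come first so
# "MMM" is tried before "MM" and "yyyy" before "yy". Only letters used on this
# page are mapped.
SDF_TO_STRPTIME = [
    ("yyyy", "%Y"), ("yy", "%y"), ("MMM", "%b"), ("MM", "%m"), ("dd", "%d"),
    ("HH", "%H"), ("mm", "%M"), ("ss", "%S"), ("SSS", "%f"), ("Z", "%z"),
]
CONVERSION_RE = re.compile(r"%(d(?:\{([^}]*)\})?|c|p|m|n)")


def sdf_to_strptime(pattern):
    """Translate a SimpleDateFormat pattern; text in 'quotes' is literal."""
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "'":
            j = pattern.find("'", i + 1)
            if j == i + 1:                       # '' is one literal quote
                out.append("'")
                i += 2
                continue
            out.append(pattern[i + 1:j].replace("%", "%%"))
            i = j + 1
            continue
        for sdf, directive in SDF_TO_STRPTIME:
            if pattern.startswith(sdf, i):
                out.append(directive)
                i += len(sdf)
                break
        else:
            out.append("%%" if pattern[i] == "%" else pattern[i])
            i += 1
    return "".join(out)


def build_parser(conversion_pattern, year=None):
    """Compile a ConversionPattern into a function that parses one line."""
    parts, date_fmt, pos = [], None, 0
    for m in CONVERSION_RE.finditer(conversion_pattern):
        parts.append(re.escape(conversion_pattern[pos:m.start()]))
        spec = m.group(1)
        if spec.startswith("d"):
            # A bare %d in log4j means ISO8601 "yyyy-MM-dd HH:mm:ss,SSS".
            date_fmt = sdf_to_strptime(m.group(2) or "yyyy-MM-dd HH:mm:ss,SSS")
            parts.append(r"(?P<date>.+?)")
        elif spec == "c":
            parts.append(r"(?P<category>\S+)")
        elif spec == "p":
            parts.append(r"(?P<priority>TRACE|DEBUG|INFO|WARN|ERROR|FATAL)")
        elif spec == "m":
            parts.append(r"(?P<message>.*)")
        else:                                    # %n: end of line
            parts.append(r"$")
        pos = m.end()
    parts.append(re.escape(conversion_pattern[pos:]))
    line_re = re.compile("^" + "".join(parts))

    def parse(line):
        m = line_re.match(line.rstrip("\r\n"))
        if not m:
            return None
        rec = m.groupdict()
        if date_fmt and ("%Y" in date_fmt or "%y" in date_fmt):
            rec["timestamp"] = datetime.strptime(rec["date"], date_fmt)
        elif date_fmt:
            # The R appender's pattern carries no year; supply one, otherwise
            # strptime silently assumes 1900.
            y = datetime.now().year if year is None else year
            rec["timestamp"] = datetime.strptime(f"{y} {rec['date']}", f"%Y {date_fmt}")
        return rec
    return parse


def summarize(lines, parse):
    """Count records per priority; keep lines that do not match the layout so
    a changed ConversionPattern is noticed rather than silently dropped."""
    counts, unparsed = {}, []
    for line in lines:
        rec = parse(line)
        if rec is None:
            unparsed.append(line)
        else:
            counts[rec["priority"]] = counts.get(rec["priority"], 0) + 1
    return counts, unparsed


R_PATTERN = "%d{MMM dd HH:mm:ss} %c : %p%m%n"
# Constructed lines in the layout R_PATTERN produces (note: %p%m has no space).
SAMPLE_LINES = [
    "Jul 04 12:08:56 eDirectory : INFOAccount login succeeded for cn=alice,o=example",
    "Jul 04 12:09:02 eDirectory : WARNAccount login failed for cn=admin,o=example",
    "Jul 04 12:09:30 eDirectory : INFOPassword changed for cn=alice,o=example",
    "this line is not in the configured layout",
]

if __name__ == "__main__":
    parse = build_parser(R_PATTERN, year=2012)
    for line in SAMPLE_LINES:
        print(parse(line))
    print(summarize(SAMPLE_LINES, parse))
```

The date group is matched lazily and the rest of the pattern anchors it, so a date pattern containing spaces (as the R appender's does) still parses; pass the year of the file being read, since a rolled-over file may span a year boundary.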

Enabling Syslog Appender

You can use the Syslog appender if you want to centralize the auditing messages in one place. Additionally, a Syslog server offers better backup support in the event of a disaster.

To enable the Syslog appender, make the following changes in the xdasconfig.properties file:

  1. Change the following entry to S to attach a Syslog appender:

    log4j.rootLogger=debug, S

  2. Uncomment the following entries:

    log4j.appender.S=org.apache.log4j.net.SyslogAppender
    
    log4j.appender.S.Host=localhost
    
    log4j.appender.S.Port=port
    
    log4j.appender.S.Protocol=UDP
    
    log4j.appender.S.SSLCertFile=/etc/opt/novell/mycert.pem
    
    log4j.appender.S.Threshold=INFO
    
    log4j.appender.S.Facility=USER
    
    log4j.appender.S.layout=org.apache.log4j.PatternLayout
    
    log4j.appender.S.layout.ConversionPattern=%c : %p%m%n
    
  3. Log into iManager and change the log events. For information about configuring XDAS Events, see Section 2.2, Configuring XDAS Events.

Generating Certificate for Syslog SSL Connection

To generate a certificate for the syslog SSL connection:

  1. Create the certificate by using the following OpenSSL command:

    openssl s_client -host LOG_SERVER -port 1443 -showcerts
    
  2. Copy the certificate you created to the /etc/opt/novell/eDirectory/conf/xdasconfig.properties file.

Enabling Rolling File Appender

The File appender is preferred if the auditing solution is limited to an individual server. It is also easy to bring up, because only a few components need to be set up, which makes it well suited for demonstrations.

To enable the Rolling File appender, make the following changes in the xdasconfig.properties file:

  1. Change the following entry to R to attach a Rolling File appender.

    log4j.rootLogger=debug, R

  2. Uncomment the following entries:

    log4j.appender.R=org.apache.log4j.RollingFileAppender
    
    log4j.appender.R.File=/var/opt/novell/eDirectory/log/xdas-events.log
    
    log4j.appender.R.MaxFileSize=100MB
    
    log4j.appender.R.MaxBackupIndex=10
    
    log4j.appender.R.layout=org.apache.log4j.PatternLayout
    
    log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c : %p%m%n
    
  3. Select the desired event from iManager.

    For information about configuring XDAS Events, see Section 2.2, Configuring XDAS Events.
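Both procedures above come down to the same two edits: set the root logger to the one appender you want, then uncomment that appender's entries. The following Python function, an added example and not part of the product, applies those two steps to the template text for either S or R, lets you substitute real values for placeholders such as Port=port, and leaves the other appender's entries commented out. The template excerpt it carries is copied from this page; the collector host, port and protocol in the usage at the bottom are constructed values. Restart eDirectory after writing the result, as noted earlier in this section.

```python
"""Apply steps 1 and 2 of the "Enabling Syslog Appender" and "Enabling Rolling
File Appender" procedures to the xdasconfig.properties template text.
Added example, not NetIQ code; the override values in __main__ are constructed."""
import re
import sys

ROOT_RE = re.compile(r"^#?\s*log4j\.rootLogger\s*=", re.IGNORECASE)


def enable_appender(template, appender, overrides=None):
    """Return the template with only `appender` ("S" or "R") attached to the
    root logger and that appender's entries uncommented; the other appender's
    entries stay commented out. `overrides` maps a key (any case) to the value
    to write instead of the template's placeholder value."""
    appender = appender.upper()
    prefix = f"log4j.appender.{appender}".lower()
    overrides = {k.lower(): v for k, v in (overrides or {}).items()}
    out = []
    for line in template.splitlines():
        stripped = line.strip()
        if ROOT_RE.match(stripped):
            out.append(f"log4j.rootLogger=debug, {appender}")      # step 1
            continue
        body = stripped.lstrip("#").strip()
        key, sep, value = body.partition("=")
        key = key.strip()
        lkey = key.lower()
        if sep and (lkey == prefix or lkey.startswith(prefix + ".")):
            out.append(f"{key}={overrides.get(lkey, value.strip())}")  # step 2
        else:
            out.append(line)
    return "\n".join(out) + "\n"


def attached_appenders(text):
    """Appender IDs named on the active (uncommented) log4j.rootLogger line."""
    for line in text.splitlines():
        s = line.strip()
        if ROOT_RE.match(s) and not s.startswith("#"):
            return [a.strip().upper() for a in s.partition("=")[2].split(",")[1:]]
    return []


# Excerpt of the template as shipped (Linux paths), copied from the page.
TEMPLATE_EXCERPT = """\
# Set the level of the root logger to DEBUG and attach appenders.
#log4j.rootLogger=debug, S, R
# Defines appender S to be a SyslogAppender.
#log4j.appender.S=org.apache.log4j.net.SyslogAppender
#log4j.appender.S.Host=localhost
#log4j.appender.S.Port=port
#log4j.appender.S.Protocol=UDP
#log4j.appender.S.SSLCertFile=/etc/opt/novell/mycert.pem
#log4j.appender.S.Threshold=INFO
#log4j.appender.S.Facility=USER
#log4j.appender.S.layout=org.apache.log4j.PatternLayout
#log4j.appender.S.layout.ConversionPattern=%c : %p%m%n
# Defines appender R to be a Rolling File Appender.
#log4j.appender.R=org.apache.log4j.RollingFileAppender
#log4j.appender.R.File=/var/opt/novell/eDirectory/log/xdas-events.log
#log4j.appender.R.MaxFileSize=100MB
#log4j.appender.R.MaxBackupIndex=10
#log4j.appender.R.layout=org.apache.log4j.PatternLayout
#log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c : %p%m%n
"""

if __name__ == "__main__":
    # Constructed values: a collector reached over TCP on port 6514.
    result = enable_appender(TEMPLATE_EXCERPT, "S", {
        "log4j.appender.S.Host": "syslog.example.internal",
        "log4j.appender.S.Port": "6514",
        "log4j.appender.S.Protocol": "TCP",
    })
    sys.stdout.write(result)
```

Run it against the real template by reading the file into `template` instead of using the excerpt; the comment lines are untouched, so the result still documents each key.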