5.2 Configuring the Platform Agent Text File

After you install Identity Manager, you can configure the Platform Agent. The Platform Agent’s configuration settings are stored in a simple, text-based logevent configuration file. By default, the logevent file is in the following location for each operating system:

Table 5-1 Platform Agent Configuration File

Operating System    File
Linux               /etc/logevent.conf
Solaris             /etc/logevent.conf
Windows             \windows\logevent.cfg

The following is a sample logevent file.

LogHost=127.0.0.1
LogCacheDir=c:\logcache
LogCachePort=1288
LogEnginePort=1289
LogCacheUnload=no
LogCacheSecure=yes 
LogReconnectInterval=600
LogDebug=never
LogSigned=always
LogMaxBigData=3072
LogMaxCacheSize=2GB
LogCacheLimitAction=stop logging
ForceServerVersionNumber=1.0.0
LogJavaClassPath=/opt/novell/idm/rbpm/UserApplication/NAuditPA.jar

The entries in the logevent file are not case sensitive, entries can appear in any order, empty lines are valid, and any line that starts with a hash (#) is commented out.

You must add the following entry into the logevent file to log events for the User Application:

LogJavaClassPath=/opt/novell/idm/rbpm/UserApplication/NAuditPA.jar

The User Application installation copies the NAuditPA.jar file into the correct directory, but you must manually add the entry to the logevent file.

The following table provides an explanation of each setting in the logevent file. The Platform Agent is used by Sentinel and Novell Audit. The documentation for the Platform Agent is in the NetIQ Audit Administration Guide.

IMPORTANT: You must restart the Platform Agent any time you make a change to the configuration.

Table 5-2 logevent Settings

Setting

Description

LogHost=dns_name

The hostname or IP address of the Event Source Server where the Platform Agent sends events.

In an environment where the Platform Agent connects to multiple hosts—for example, to provide load balancing or system redundancy—separate the IP address of each server with commas in the LogHost entry. For example,

LogHost=192.168.0.1,192.168.0.3,192.168.0.4

The Platform Agent connects to the servers in the order specified. If the first logging server goes down, the Platform Agent tries to connect to the second logging server, and so on.

LogCacheDir=path

The directory where the Platform Agent stores the cached event information if the Event Source Server becomes unavailable.

LogEnginePort=port

The port at which the Platform Agent can connect to the Event Source Server. By default, this is port 1289.

LogCachePort=port

The port at which the Platform Agent connects to the Logging Cache Module. By default, this is port 1288.

If the connection between the Platform Agent and the Event Source Server fails, Identity Manager continues to log events to the local Platform Agent. The Platform Agent simply switches into Disconnected Cache mode; that is, it begins sending events to the Logging Cache module (lcache). The Logging Cache module writes the events to the Disconnected Mode Cache until the connection is restored.

When the connection to the Event Source Server is restored, the Logging Cache Module transmits the cache files to the Event Source Server. To protect the integrity of the data store, the Event Source Server validates the authentication credentials in each cache file before logging its events.

LogCacheUnload=Y|N

Set the parameter to N to prevent lcache from being unloaded.

LogCacheSecure=Y|N

Set the parameter to Y to encrypt the local cache file.

LogReconnectInterval=seconds

The interval, in seconds, at which the Platform Agent and the Platform Agent Cache try to reconnect to the Event Source Server if the connection is lost. By default, this is 600.

LogDebug=Never|Always

The Platform Agent debug setting.

  • Set to Never to never log debug events.

  • Set to Always to always log debug events.

LogSigned=Never|Always

The signature setting for Platform Agent events.

IMPORTANT: Sentinel can receive and map Audit signatures to a NetIQ Sentinel event field; however, Sentinel does not currently verify event signatures.

  • Set to Never to never sign or chain events.

  • Set to Always to always log events with a digital signature and to sequentially chain events.

LogMaxBigData=bytes

The maximum size of the event data field. The default value is 3072 bytes. Set this value to the maximum number of bytes the client allows. Data that exceeds the maximum is truncated or not sent if the application doesn’t allow truncated events to be logged.

LogMaxCacheSize=bytes

The maximum size, in bytes, of the Platform Agent cache file. By default, the maximum size is 2 GB. If this size is not specified, the log cache file continues to grow until it reaches 2 GB.

LogCacheLimitAction=stop logging|drop cache

The action that you want the cache module to take when it reaches the maximum cache size limit.

  • Set to stop logging if you want to stop collecting new events.

  • Set to drop cache if you want to delete the cache and start over with any new events that are generated.

ForceServerVersionNumber=version number

Instructs the Platform Agent to use a particular Secure Log Server protocol version if events are logged to a log server from Nsure Audit version 1.0.x. The valid values are: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.3.P1, 1.0.3.P2, and so on.

If you are using patches from Nsure Audit 1.0.3, indicate the patch number being used, for example, P1, P2, P3, and so on. With Nsure Audit 1.0.3 Patch 2, the Secure Log Server properly reports the protocol in use and the NetIQ Audit 2.0.x Platform Agent automatically uses the protocol reported by the Secure Log Server.

LogJavaClassPath

The location of the NAuditPA.jar lcache file. For example:

LogJavaClassPath=/opt/novell/idm/rbpm/UserApplication/NAuditPA.jar

NOTE: Some options might not be available in all the versions of Audit.
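The following added example (not part of the product documentation or the product's own code) parses a logevent file using the format rules stated above and reports settings that weaken the integrity or retention of the audit trail. The policy it checks, the acceptance of both Y|N and yes/no spellings, and the names parse_logevent, is_yes, and audit are assumptions made for this example.

```python
# Added example: audit a logevent file against the settings documented above.
# The policy checked in audit() is an assumption of this example, not product behaviour.

SAMPLE = """\
# constructed sample, not taken from a real system
loghost=192.168.0.1,192.168.0.3
LogCacheDir=/var/opt/logcache

LOGCACHESECURE=no
LogSigned=never
LogCacheLimitAction=drop cache
"""

def parse_logevent(text):
    """Parse per the documented rules: entries are not case sensitive, order
    is free, empty lines are valid, and lines starting with # are comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()  # assumption: last entry wins
    return settings

def is_yes(value):
    # The page shows both Y|N and yes/no spellings; accept either (assumption).
    return value.lower() in ("y", "yes")

def audit(settings):
    findings = []
    if not is_yes(settings.get("logcachesecure", "")):
        findings.append("LogCacheSecure is not set to Y (Y encrypts the local cache file)")
    if settings.get("logsigned", "").lower() != "always":
        findings.append("LogSigned is not set to Always (Always signs and chains events)")
    if settings.get("logcachelimitaction", "").lower() == "drop cache":
        findings.append("LogCacheLimitAction=drop cache deletes cached events at the size limit")
    if "logjavaclasspath" not in settings:
        findings.append("LogJavaClassPath is missing (required to log User Application events)")
    hosts = [h.strip() for h in settings.get("loghost", "").split(",") if h.strip()]
    if len(hosts) < 2:
        findings.append("LogHost lists fewer than two servers (no second server to fail over to)")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_logevent(SAMPLE)):
        print("WARN", finding)
```

Run it against a copy of the file after each change, then restart the Platform Agent so the corrected settings take effect.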

Proceed to Section 7.0, Securing the Logging System.