After you install Identity Manager, you can configure the Platform Agent. The Platform Agent’s configuration settings are stored in a simple, text-based logevent configuration file. By default, logevent file is located in the following directories:
Table 5-1 Platform Agent Configuration File
Operating System |
File |
---|---|
Linux |
/etc/logevent.conf |
Solaris |
/etc/logevent.conf |
Windows |
\windows\logevent.cfg |
The following is a sample logevent file.
LogHost=127.0.0.1 LogCacheDir=c:\logcache LogCachePort=1288 LogEnginePort=1289 LogCacheUnload=no LogCacheSecure=yes LogReconnectInterval=600 LogDebug=never LogSigned=always LogMaxBigData=3072 LogMaxCacheSize=2GB LogCacheLimitAction=stop logging ForceServerVersionNumber=1.0.0 LogJavaClassPath=/opt/novell/idm/rbpm/UserApplication/NAuditPA.jar
The entries in the logevent file are not case sensitive, entries can appear in any order, empty lines are valid, and any line that starts with a hash (#) is commented out.
You must add the following entry into the logevent file to log events for the User Application:
LogJavaClassPath=/opt/novell/idm/rbpm/UserApplication/NAuditPA.jar
The User Application installation copies this file into the correct directory, but the entry must be manually added to the logevent file.
The following table provides an explanation of each setting in the logevent file. The Platform Agent is used by Sentinel and Novell Audit. The documentation for the Platform Agent is in the NetIQ Audit Administration Guide.
IMPORTANT:You must restart the Platform Agent any time you make a change to the configuration.
Table 5-2 logevent Settings
Setting |
Description |
---|---|
LogHost=dns_name |
The hostname or IP address of the Event Source Server where the Platform Agent sends events. In an environment where the Platform Agent connects to multiple hosts—for example, to provide load balancing or system redundancy—separate the IP address of each server with commas in the LogHost entry. For example, LogHost=192.168.0.1,192.168.0.3,192.168.0.4 The Platform Agent connects to the servers in the order specified. If the first logging server goes down, the Platform Agent tries to connect to the second logging server, and so on. |
LogCacheDir=path |
The directory where the Platform Agent stores the cached event information if the Event Source Server becomes unavailable. |
LogEnginePort=port |
The port at which the Platform Agent can connect to the Event Source Server. By default, this is port 1289. |
LogCachePort=port |
The port at which the Platform Agent connects to the Logging Cache Module. By default, this is port 1288. If the connection between the Platform Agent and the Event Source Server fails, Identity Manager continues to log events to the local Platform Agent. The Platform Agent simply switches into Disconnected Cache mode; that is, it begins sending events to the Logging Cache module (lcache). The Logging Cache module writes the events to the Disconnected Mode Cache until the connection is restored. When the connection to the Event Source Server is restored, the Logging Cache Module transmits the cache files to the Event Source Server. To protect the integrity of the data store, the Event Source Server validates the authentication credentials in each cache file before logging its events. |
LogCacheUnload=Y|N |
Set the parameter to N to prevent lcache from being unloaded. |
LogCacheSecure=Y|N |
Set the parameter to Y to encrypt the local cache file. |
LogReconnectInterval=seconds |
The interval, in seconds, at which the Platform Agent and the Platform Agent Cache try to reconnect to the Event Source Server if the connection is lost. By default, this is 600. |
LogDebug=Never|Always |
The Platform Agent debug setting.
|
LogSigned=Never|Always |
The signature setting for Platform Agent events. IMPORTANT:Sentinel can receive and map Audit signatures to a NetIQ Sentinel event field; however, Sentinel does not currently verify event signatures.
|
LogMaxBigData=bytes |
The maximum size of the event data field. The default value is 3072 bytes. Set this value to the maximum number of bytes the client allows. Data that exceeds the maximum is truncated or not sent if the application doesn’t allow truncated events to be logged. |
LogMaxCacheSize=bytes |
The maximum size, in bytes, of the Platform Agent cache file. By default, the maximum size is 2 GB. If this size is not specified, the log cache file continues to grow till 2 GB. |
LogCacheLimitAction=stop logging|drop cache |
The action that you want the cache module to take when it reaches the maximum cache size limit.
|
ForceServerVersionNumber=version number |
To instruct the Platform Agent to use a particular Secure Log Server protocol version if events are logged to a log server from Nsure Audit version 1.0.x. The valid values are: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.3.P1, 1.0.3.P2, and so on. If you are using patches from Nsure Audit 1.0.3, indicate the patch number being used, for example, P1, P2, P3, and so on. With Nsure Audit 1.0.3 Patch 2, the Secure Log Server properly reports the protocol in use and the NetIQ Audit 2.0.x Platform Agent automatically uses the protocol reported by the Secure Log Server. |
LogJavaClassPath |
The location of the NAuditPA.jar lcache file. For example: LogJavaClassPath=/opt/novell/idm/rbpm/UserApplication/NAuditPA.jar |
NOTE:Some options might not be available in all the versions of Audit.
Proceed to Section 7.0, Securing the Logging System.