4.1 Installing and Configuring the Audit Connector

To install the Audit Connector,

  1. Download the latest Audit Connector (.zip file) from the Sentinel Plug-ins Web site to the server where the Sentinel Control Center is running.

    The Audit Connector is located under the Connectors tab.

  2. Log in to the Sentinel Control Center.

  3. Select Event Source Management > Live View, then select Tools > Import plugin.

  4. Select Import Collector Script or Connector plugin package file (.zip) option, then click Next.

  5. Browse to and select the .zip file you just downloaded, then click Next.

    You must use the latest plug-ins available from the Sentinel Plug-ins Web site.

  6. Follow the remaining prompts, then click Finish.

You must configure the Audit Connector to receive messages sent from Identity Manager to the Platform Agent. These events are then processed by the Identity Manager Collector.

There are multiple ways to configure the Audit Connector. The following procedure provides one of the way to configure the Audit Connector.

  1. Right-click the Identity Manager Collector, then click Add Connector.

  2. Select View Compatible Connection Methods Only.

  3. Select NetIQ Audit from the list of installed connectors, then click Next.

  4. Select the Event Source server to add to the Audit Connector, then click Next. Click Add to add an Event Source server manually.

    The Event Source server is the server that is running the Platform Agent and Identity Manager.

  5. Use the default policy or create a custom policy to automatically add or exclude individual source devices, then click Next.

    For more information, see “Auto Configuring Event Sources” in the Audit Connector Guide.

  6. Finish the configuration of the connector with the following information, then click Finish.

    • Name: Specify a name for this connector.

    • Run: Select whether the connector is started whenever the Collector Manager is started.

    • Alert if no data received in specified time period: (Optional) Select this option to send the No Data Alert event to Sentinel if not data is received by the connector in the specified time period.

    • Limit Data Rate: (Optional) Set a maximum limit on the rate of data the connector sends to Sentinel. If the data rate limit is reached, Sentinel throttles back on the source in order to limit the flow of data.

    • Set Filter: (Optional) Specify a filter on the raw data passing through the connector.

    • Copy Raw Data to a File: (Optional) Save the raw data passing through this connector to a file for further analysis.

Proceed to Section 5.0, Installing and Configuring the Platform Agent.