8.8 Logging to a Sentinel Server

To enable NetIQ Sentinel logging in your Identity Manager environment, you need to configure the Platform Agent on your application server and then enable Sentinel logging.

8.8.1 Configuring the Platform Agent

The Platform Agent is required on any client that reports events to Sentinel. You configure the Platform Agent through the logevent configuration file. This file provides the configuration information that the Platform Agent needs to communicate with the Sentinel server. The default location for this file, on the application server, is:

  • Linux: /etc/logevent.conf

  • Windows: /<WindowsDir>/logevent.cfg (usually c:\windows)

To configure the Platform Agent:

  1. Configure the Platform Agent on your application server.

    Specify the following properties:

    LogHost: The IP address or DNS name of your Sentinel server. For example:

    LogHost=xxx.xxx.xxx.xxx

    LogJavaClassPath: The location of the lcache jar file NAuditPA.jar. For example:

    LogJavaClassPath=/opt/netiq/idm/NAuditPA.jar

    LogCacheDir: Specifies where lcache stores cache files. For example:

    LogCacheDir=/opt/netiq/idm/naudit/cache

    LogCachePort: Specifies the port on which lcache listens for connections. The default is 288, but on a Linux server, set the port number to a value greater than 1000. For example:

    LogCachePort=1233

    LogMaxBigData: Specifies the maximum number of bytes that the client will allow. Larger amounts of logging data will be truncated. The default value is 3072 bytes, but you should change this to at least 8192 bytes to handle a typical form that has approximately 15 fields on a half page. For example:

    LogMaxBigData=8192

    IMPORTANT: If your data is very large, you might want to increase this value. If you are logging events that include digital signatures, it is critical that the value of LogMaxBigData be large enough to handle the data being logged.

    Specify any other settings needed for your environment.

    NOTE: You must restart the Platform Agent any time you change the configuration.

  2. Restart the Platform Agent for the changes to take effect.
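The settings in step 1 can be checked mechanically before the agent is restarted, so that an undersized LogMaxBigData or a default port does not go unnoticed. The following Python script is an added example, not part of the NetIQ documentation or product; it assumes the file holds Key=Value lines with # comment lines, and the function names and sample host name are hypothetical.

```python
# Added example: lint a Platform Agent logevent.conf against the guidance above.
# Assumption: "Key=Value" lines; blank lines and lines starting with "#" are skipped.
import sys

MIN_BIG_DATA = 8192      # page: change LogMaxBigData to at least 8192 bytes
MIN_LINUX_PORT = 1000    # page: on Linux, set the port greater than 1000

def parse_logevent(text):
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def check_logevent(text, linux=True):
    """Return a list of findings; an empty list means the guidance is met."""
    s = parse_logevent(text)
    findings = []
    if s.get("LogHost", "") in ("", "xxx.xxx.xxx.xxx"):
        findings.append("LogHost: not set to the Sentinel server address")
    for key in ("LogJavaClassPath", "LogCacheDir"):
        if not s.get(key):
            findings.append(f"{key}: missing")
    # Unset values fall back to the defaults stated on the page (288 and 3072).
    for key, default in (("LogCachePort", 288), ("LogMaxBigData", 3072)):
        try:
            value = int(s.get(key, default))
        except ValueError:
            findings.append(f"{key}: not a number")
            continue
        if key == "LogCachePort" and linux and value <= MIN_LINUX_PORT:
            findings.append(f"LogCachePort: {value} is not greater than {MIN_LINUX_PORT}")
        if key == "LogMaxBigData" and value < MIN_BIG_DATA:
            findings.append(f"LogMaxBigData: {value} bytes, events may be truncated")
    return findings

# Constructed sample input (not a real configuration).
SAMPLE = """\
LogHost=sentinel.example.com
LogJavaClassPath=/opt/netiq/idm/NAuditPA.jar
LogCacheDir=/opt/netiq/idm/naudit/cache
LogMaxBigData=3072
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check_logevent(text)) or "no findings")
```

Run it with the path to logevent.conf as the only argument; with no argument it checks the constructed sample and reports the default port and the 3072-byte limit.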

8.8.2 Enabling Sentinel Logging

  1. Log in to Identity Manager Dashboard as a User Application Administrator.

  2. Go to Configuration > Logging.

  3. Select Enable naudit service.

  4. (Conditional) To allow log events in CEF format, select Enable CEF format and specify the Sentinel server details.

  5. (Conditional) To save the changes for subsequent restart of the Tomcat server, make sure is selected.