B.1 Understanding the auditlogconfig.properties File

The following Identity Manager components use the auditlogconfig.properties file to store the CEF configuration:

  • Identity Vault

  • Identity Manager Engine

  • Java Remote Loader

  • Fanout Agent

For information about the content of the audit properties file for each of these Identity Manager components, see the following sections:

B.1.1 Identity Manager Engine, Remote Loader, and .NET Remote Loader

The following is a sample auditlogconfig.properties file for the Identity Manager engine, Remote Loader, and .NET Remote Loader:

# Set the level of the root logger to DEBUG and attach appenders.
#log4j.rootLogger=debug, S, R

# Defines appender S to be a SyslogAppender.
#log4j.appender.S=org.apache.log4j.net.SyslogAppender

# Defines location of Syslog server.
#log4j.appender.S.Host=localhost
#log4j.appender.S.Port=port

# Specify protocol to be used (UDP/TCP/SSL)
#log4j.appender.S.Protocol=SSL

# Specify SSL certificate file for SSL connection.
# File path should be given with double backslash.
#log4j.appender.S.SSLCertFile=/etc/opt/novell/mycert.pem

# Minimum log-level allowed in syslog.
#log4j.appender.S.Threshold=INFO

# Defines the type of facility.
#log4j.appender.S.Facility=USER

# Defines caching for SyslogAppender.
# Inputs should be yes/no
#log4j.appender.S.CacheEnabled=yes

# Cache location directory
# Directory should be available for creating cache files
#log4j.appender.S.CacheDir=/var/opt/novell/eDirectory

# Cache File Size
# Cache File size should be in the range of 50MB to 4000MB
#log4j.appender.S.CacheMaxFileSize=500MB

# Layout definition for appender Syslog S.
#log4j.appender.S.layout=org.apache.log4j.PatternLayout
#log4j.appender.S.layout.ConversionPattern=%c: %m%n

# Defines appender R to be a Rolling File Appender.
#log4j.appender.R=org.apache.log4j.RollingFileAppender

# Log file for appender R.
#log4j.appender.R.File=/var/opt/novell/eDirectory/log/cef-events.log

# Max size of log file for appender R.
#log4j.appender.R.MaxFileSize=100MB

# Set the maximum number of backup files to keep for appender R.
# Max can be 13. If set to zero, then there will be no backup files.
#log4j.appender.R.MaxBackupIndex=10

# Layout definition for appender Rolling log file R.
#log4j.appender.R.layout=org.apache.log4j.PatternLayout
#log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c %m%n

NOTE: By default, the appenders are disabled. You need to manually enable them.

Before using the auditlogconfig.properties file, NetIQ recommends that you review the following considerations:

  • The letters S and R specify Syslog Appender and Rolling File Appender respectively.

  • Entries in the auditlogconfig.properties file are not case sensitive.

  • Entries in the auditlogconfig.properties file can appear in any order.

  • Empty lines in the file are valid.

  • Any line that starts with a hash (#) is commented out.

The following table explains each property in the auditlogconfig.properties file (each setting is followed by its description):

  log4j.rootLogger
    Sets the level of the root logger to debug and attaches an appender named R or S, where S specifies a Syslog appender and R specifies a Rolling File appender.

  log4j.appender.S
    Specifies the appender S to be a Syslog appender.

  log4j.appender.S.Host
    Specifies the location of the Syslog server where audit events are logged.

  log4j.appender.S.Port
    The port at which the Auditing server connects to the Syslog server. If the connection between the Auditing server and the Syslog server fails, Identity Manager cannot log events until the connection is restored.

  log4j.appender.S.Protocol
    Specifies the protocol to use: UDP, TCP, or SSL. SSL is the default protocol. For enabling secure communication, see Section 6.0, Securing the Logging System.

  log4j.appender.S.SSLCertFile
    Specifies the SSL certificate file for the SSL connection. Use double backslashes to specify the path of the file. This is an optional setting.

  log4j.appender.S.Threshold
    Specifies the minimum log level allowed in the Syslog appender. INFO is the only supported log level.

  log4j.appender.S.Facility
    Specifies the type of facility.

  log4j.appender.S.CacheEnabled
    Specifies whether caching is enabled for the Syslog appender.

  log4j.appender.S.CacheDir
    Specifies the directory for storing the cache file.

  log4j.appender.S.CacheMaxFileSize
    Specifies the size of the cache file. The range is 50 MB to 4000 MB.

  log4j.appender.S.layout
    Layout class for the Syslog appender.

  log4j.appender.S.layout.ConversionPattern
    Conversion pattern used by the Syslog appender layout.

  log4j.appender.R
    Specifies appender R to be a Rolling File appender.

  log4j.appender.R.File
    The location of the log file for the Rolling File appender.

  log4j.appender.R.MaxFileSize
    The maximum size, in MB, of the log file for the Rolling File appender. Set this value to the maximum size that the client allows. This field accepts only an integer value.

    NOTE: The minimum size of the MaxFileSize parameter for the Rolling File appender is 50 MB.

  log4j.appender.R.MaxBackupIndex
    Specifies the maximum number of backup files for the Rolling File appender. The maximum number of backup files can be 10. A zero value means no backup files.

  log4j.appender.R.layout
    Layout class for the Rolling File appender.

  log4j.appender.R.layout.ConversionPattern
    Conversion pattern used by the Rolling File appender layout.

Enabling the Syslog Appender

  1. Change the following entry to S to attach a Syslog appender:

    log4j.rootLogger=debug, S

  2. Uncomment the following entries:

    log4j.appender.S=org.apache.log4j.net.SyslogAppender
    log4j.appender.S.Host=localhost
    log4j.appender.S.Port=port
    log4j.appender.S.Protocol=SSL
    log4j.appender.S.SSLCertFile=/etc/opt/novell/mycert.pem
    log4j.appender.S.Threshold=INFO
    log4j.appender.S.Facility=USER
    log4j.appender.S.layout=org.apache.log4j.PatternLayout
    log4j.appender.S.layout.ConversionPattern=%c: %m%n
  3. Log in to iManager and change the log events.

    For more information on changing log levels by using iManager, see Setting the Log Level and Maximum Log Size.

  4. Restart eDirectory.

Enabling the Rolling File Appender

The Rolling File appender is preferred if the auditing solution is limited to an individual server. The Rolling File appender is more reliable than the Syslog appender because it uses the file connector to send events from your local file system to the auditing server.

  1. Change the following entry to R to attach a Rolling File appender:

    log4j.rootLogger=debug, R

  2. Uncomment the following entries:

    log4j.appender.R=org.apache.log4j.RollingFileAppender
    log4j.appender.R.File=/var/opt/novell/eDirectory/log/cef-events.log
    log4j.appender.R.MaxFileSize=100MB
    log4j.appender.R.MaxBackupIndex=10
    log4j.appender.R.layout=org.apache.log4j.PatternLayout
    log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c %m%n
  3. Log in to iManager and change log levels.

    For more information on changing log levels by using iManager, see Setting the Log Level and Maximum Log Size.

  4. Restart eDirectory.
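The two procedures above are the same edit applied to different appender letters: point log4j.rootLogger at one appender and uncomment that appender's keys while the other stays disabled. The following script performs that edit and reads the result back so you can confirm which appender is actually attached before restarting eDirectory. It is an added example, not code from the NetIQ documentation or product; the SAMPLE text is a constructed, abbreviated copy of the commented-out default file, and the function names (enable_appender, attached_appenders, active_keys) are this example's own.

```python
"""Apply the "Enabling the Syslog/Rolling File Appender" steps to an
auditlogconfig.properties file and verify the outcome.
Added example, not NetIQ code."""
from __future__ import annotations
import re

# Constructed sample: an abbreviated copy of the default (fully commented) file.
SAMPLE = """\
# Set the level of the root logger to DEBUG and attach appenders.
#log4j.rootLogger=debug, S, R

# Defines appender S to be a SyslogAppender.
#log4j.appender.S=org.apache.log4j.net.SyslogAppender
#log4j.appender.S.Host=localhost
#log4j.appender.S.Port=port
#log4j.appender.S.Protocol=SSL
#log4j.appender.S.Threshold=INFO

# Defines appender R to be a Rolling File Appender.
#log4j.appender.R=org.apache.log4j.RollingFileAppender
#log4j.appender.R.File=/var/opt/novell/eDirectory/log/cef-events.log
#log4j.appender.R.MaxFileSize=100MB
#log4j.appender.R.MaxBackupIndex=10
"""

# Entries are not case sensitive, so every match below ignores case.
ROOT_RE = re.compile(r"^#?\s*log4j\.rootLogger\s*=", re.IGNORECASE)


def enable_appender(text: str, appender: str) -> str:
    """Return a copy of `text` with only `appender` ('S' or 'R') attached and enabled."""
    if appender not in ("S", "R"):
        raise ValueError("appender must be 'S' (Syslog) or 'R' (Rolling File)")
    # Matches '#log4j.appender.R=' and '#log4j.appender.R.<anything>=' lines.
    key_re = re.compile(rf"^#\s*log4j\.appender\.{appender}(?:\.|=)", re.IGNORECASE)
    out = []
    for line in text.splitlines():
        if ROOT_RE.match(line):
            # Step 1: attach exactly the chosen appender to the root logger.
            out.append(f"log4j.rootLogger=debug, {appender}")
        elif key_re.match(line):
            # Step 2: strip the leading '#' from this appender's keys.
            out.append(line.lstrip("#").lstrip())
        else:
            out.append(line)  # comments, blank lines, the other appender's keys
    return "\n".join(out) + "\n"


def attached_appenders(text: str) -> list[str]:
    """Appender letters named on the (uncommented) log4j.rootLogger line."""
    for line in text.splitlines():
        if line.lstrip().lower().startswith("log4j.rootlogger"):
            _, _, value = line.partition("=")
            parts = [p.strip() for p in value.split(",")]
            return parts[1:]  # parts[0] is the level, e.g. 'debug'
    return []  # still commented out: nothing is attached


def active_keys(text: str) -> dict[str, str]:
    """Uncommented key=value pairs, keys lower-cased (entries are not case sensitive)."""
    keys: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        k, _, v = line.partition("=")
        keys[k.strip().lower()] = v.strip()
    return keys


if __name__ == "__main__":
    enabled = enable_appender(SAMPLE, "R")
    print(enabled)
    print("attached:", attached_appenders(enabled))
```

Running it with "R" yields a file in which the Rolling File keys are live, every Syslog key is still commented, and attached_appenders reports ['R']; run on the untouched SAMPLE, attached_appenders returns an empty list, which is the "appenders are disabled by default" state the note above describes.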

B.1.2 Java Remote Loader and Fanout Agent

The following is a sample auditlogconfig.properties file for the Java Remote Loader and the Fanout Agent:

# Defines location of Syslog server.
#SyslogHost=localhost
#SyslogPort=port

# Specify protocol to be used (UDP/TCP/SSL)
#SyslogProtocol=TCP

# Specify SSL keystore file for SSL connection.
# File path should be given with double backslash.
#SyslogSSLKeystoreFile=/opt/netiq/idm/jre/lib/security/cacerts

# Specify SSL keystore password for SSL connection.
#SyslogSSLKeystorePassword=password

# Defines caching for SyslogAppender.
# Inputs should be yes/no
#CacheEnabled=yes

# Cache location directory
# Directory should be available for creating cache files
#CacheDir=/tmp/IDMcache

# Cache File Size
# Cache File size should be in the range of 50MB to 4000MB
#CacheRolloverSize=50

# Log file for appender
#FileAppenderFileName=/var/opt/novell/log/cef-events.log

The following table explains each property in the auditlogconfig.properties file (each setting is followed by its description):

  SyslogHost
    Specifies the location of the Syslog server where audit events are logged.

  SyslogPort
    The port at which the Auditing server connects to the Syslog server. If the connection between the Auditing server and the Syslog server fails, Identity Manager cannot log events until the connection is restored.

  SyslogProtocol
    Specifies the protocol to use: UDP, TCP, or SSL.

  SyslogSSLKeystoreFile
    Specifies the SSL keystore file for the SSL connection. Use double backslashes to specify the path of the file. This is an optional setting.

  SyslogSSLKeystorePassword
    Specifies the keystore password for the SSL connection.

  CacheEnabled
    Specifies whether caching is enabled for the SyslogAppender. The values can be yes or no.

  CacheDir
    Specifies the directory for storing the cache file.

  CacheRolloverSize
    Specifies the size of the cache file. The range is 50 MB to 4000 MB.

  FileAppenderFileName
    Specifies the log file for the appender.

  AppendComponentName
    Specifies whether to append the component name before the event message. You can set this option to Yes if you are using Sentinel as your auditing solution.
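A misconfigured audit file fails quietly: the Remote Loader still runs, but events never reach the Syslog server or the cache. The following checker parses a Java Remote Loader / Fanout Agent auditlogconfig.properties file under the rules this appendix states (case-insensitive keys, any order, blank lines allowed, '#' comments) and reports violations of the limits in the table above: an unsupported SyslogProtocol, SSL selected without keystore file and password, CacheEnabled outside yes/no, a CacheRolloverSize outside 50 to 4000, and a bad AppendComponentName value. It is an added example, not NetIQ code; the SAMPLE file is constructed, the port-range check and the expectation that FileAppenderFileName is present are this example's own assumptions, and parse_properties and check_remote_loader_config are hypothetical names.

```python
"""Sanity-check a Java Remote Loader / Fanout Agent auditlogconfig.properties
before relying on it for audit delivery.  Added example, not NetIQ code."""
from __future__ import annotations
import re

# Constructed sample with the entries uncommented and two deliberate mistakes:
# SSL is selected but the keystore password is still commented out, and the
# cache rollover size is below the 50 MB minimum.
SAMPLE = """\
SyslogHost=syslog.example.internal
SyslogPort=6514
SyslogProtocol=SSL
SyslogSSLKeystoreFile=/opt/netiq/idm/jre/lib/security/cacerts
#SyslogSSLKeystorePassword=password
CacheEnabled=yes
CacheDir=/tmp/IDMcache
CacheRolloverSize=20
FileAppenderFileName=/var/opt/novell/log/cef-events.log
AppendComponentName=Yes
"""


def parse_properties(text: str) -> dict[str, str]:
    """Keys lower-cased (entries are not case sensitive); '#' lines are comments;
    blank lines and any ordering are accepted, as the appendix states."""
    props: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip().lower()] = value.strip()
    return props


def check_remote_loader_config(text: str) -> list[str]:
    """Return a list of findings; an empty list means the file passes every check."""
    p = parse_properties(text)
    findings: list[str] = []

    if "sysloghost" not in p:
        findings.append("SyslogHost is not set: no Syslog destination for audit events")
    port = p.get("syslogport", "")
    if not port.isdigit() or not 1 <= int(port) <= 65535:  # assumption: numeric port
        findings.append(f"SyslogPort must be a port number, got {port!r}")

    proto = p.get("syslogprotocol", "").upper()
    if proto not in ("UDP", "TCP", "SSL"):
        findings.append(f"SyslogProtocol must be UDP, TCP or SSL, got {proto!r}")
    if proto == "SSL":
        # Transport encryption was selected; the trust material must be complete,
        # otherwise the SSL connection cannot be established and events are lost.
        if "syslogsslkeystorefile" not in p:
            findings.append("SSL selected but SyslogSSLKeystoreFile is not set")
        if "syslogsslkeystorepassword" not in p:
            findings.append("SSL selected but SyslogSSLKeystorePassword is not set")

    cache = p.get("cacheenabled", "no").lower()
    if cache not in ("yes", "no"):
        findings.append(f"CacheEnabled must be yes or no, got {cache!r}")
    if cache == "yes":
        if "cachedir" not in p:
            findings.append("CacheEnabled=yes but CacheDir is not set")
        size = p.get("cacherolloversize", "")
        m = re.fullmatch(r"(\d+)\s*(mb)?", size, re.IGNORECASE)
        if not m or not 50 <= int(m.group(1)) <= 4000:
            findings.append(f"CacheRolloverSize must be 50 to 4000 (MB), got {size!r}")

    if "fileappenderfilename" not in p:  # assumption: a local log file is expected
        findings.append("FileAppenderFileName is not set: no local copy of the events")

    acn = p.get("appendcomponentname")
    if acn is not None and acn.lower() not in ("yes", "no"):
        findings.append(f"AppendComponentName must be Yes or No, got {acn!r}")
    return findings


if __name__ == "__main__":
    for finding in check_remote_loader_config(SAMPLE):
        print("FINDING:", finding)
```

On the constructed SAMPLE the checker reports exactly the two planted problems (missing SyslogSSLKeystorePassword and CacheRolloverSize=20); uncommenting the password line and raising the size to a value within range yields no findings. Run it against the real file after editing and before restarting the Remote Loader.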