The following Identity Manager components use auditlogconfig.properties file to store the CEF configuration:
Identity Vault
Identity Manager Engine
Java Remote Loader
Fanout Agent
For information about the content of the audit properties file for each of these Identity Manager components, see the following sections:
The following is a sample auditlogconfig.properties file for Identity Manager engine, Remote Loader, and .NET Remote Loader:
# Set the level of the root logger to DEBUG and attach appenders.
#log4j.rootLogger=debug, S, R

# Defines appender S to be a SyslogAppender.
#log4j.appender.S=org.apache.log4j.net.SyslogAppender

# Defines location of Syslog server.
#log4j.appender.S.Host=localhost
#log4j.appender.S.Port=port

# Specify protocol to be used (UDP/TCP/SSL)
#log4j.appender.S.Protocol=SSL

# Specify SSL certificate file for SSL connection.
# File path should be given with double backslash.
#log4j.appender.S.SSLCertFile=/etc/opt/novell/mycert.pem

# Minimum log-level allowed in syslog.
#log4j.appender.S.Threshold=INFO

# Defines the type of facility.
#log4j.appender.S.Facility=USER

# Defines caching for SyslogAppender.
# Inputs should be yes/no
#log4j.appender.S.CacheEnabled=yes

# Cache location directory
# Directory should be available for creating cache files
#log4j.appender.S.CacheDir=/var/opt/novell/eDirectory

# Cache File Size
# Cache File size should be in the range of 50MB to 4000MB
#log4j.appender.S.CacheMaxFileSize=500MB

# Layout definition for appender Syslog S.
#log4j.appender.S.layout=org.apache.log4j.PatternLayout
#log4j.appender.S.layout.ConversionPattern=%c: %m%n

# Defines appender R to be a Rolling File Appender.
#log4j.appender.R=org.apache.log4j.RollingFileAppender

# Log file for appender R.
#log4j.appender.R.File=/var/opt/novell/eDirectory/log/cef-events.log

# Max size of log file for appender R.
#log4j.appender.R.MaxFileSize=100MB

# Set the maximum number of backup files to keep for appender R.
# Max can be 13. If set to zero, then there will be no backup files.
#log4j.appender.R.MaxBackupIndex=10

# Layout definition for appender Rolling log file R.
#log4j.appender.R.layout=org.apache.log4j.PatternLayout
#log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c %m%n
NOTE: By default, the appenders are disabled (every entry in the file is commented out). You must enable them manually.
Before editing the auditlogconfig.properties file, NetIQ recommends that you review the following considerations:
The letters S and R specify Syslog Appender and Rolling File Appender respectively.
Entries in the auditlogconfig.properties file are not case sensitive.
Entries in the auditlogconfig.properties file can appear in any order.
Empty lines in the file are valid.
Any line that starts with a hash (#) is commented out.
The following table provides an explanation of each property in the auditlogconfig.properties file:
| Setting | Description |
|---|---|
| log4j.rootLogger | Sets the level of the root logger to debug and lists the appenders to attach: S (Syslog appender), R (Rolling File appender), or both, for example debug, S, R. |
| log4j.appender.S | Declares appender S as a Syslog appender. |
| log4j.appender.S.Host | The host name or IP address of the Syslog server to which audit events are sent. |
| log4j.appender.S.Port | The port on the Syslog server to which Identity Manager connects. If the connection to the Syslog server fails, Identity Manager cannot log events until the connection is restored. |
| log4j.appender.S.Protocol | The transport protocol: UDP, TCP, or SSL. SSL is the default. UDP and TCP send the audit events across the network in cleartext; for setting up secure communication, see Section 6.0, Securing the Logging System. |
| log4j.appender.S.SSLCertFile | The certificate file used for the SSL connection. On Windows, write path separators as double backslashes. This setting is optional. |
| log4j.appender.S.Threshold | The minimum log level accepted by the Syslog appender. INFO is the only supported level. |
| log4j.appender.S.Facility | The Syslog facility recorded in the events, for example USER. |
| log4j.appender.S.CacheEnabled | Enables (yes) or disables (no) caching for the Syslog appender. |
| log4j.appender.S.CacheDir | The directory in which cache files are created. The directory must already exist. |
| log4j.appender.S.CacheMaxFileSize | The maximum size of a cache file. The range is 50MB to 4000MB, written with the MB suffix (for example, 500MB). |
| log4j.appender.S.layout | The layout class for the Syslog appender. |
| log4j.appender.S.layout.ConversionPattern | The log4j conversion pattern for the Syslog appender, for example %c: %m%n. |
| log4j.appender.R | Declares appender R as a Rolling File appender. |
| log4j.appender.R.File | The path of the log file written by the Rolling File appender. |
| log4j.appender.R.MaxFileSize | The size at which the log file is rolled over, as an integer number of MB with the MB suffix (for example, 100MB). Set it to the largest size that the client allows. NOTE: The minimum value of MaxFileSize for the Rolling File appender is 50 MB. |
| log4j.appender.R.MaxBackupIndex | The maximum number of rolled-over backup files to keep. The maximum is 10; a value of 0 keeps no backup files. |
| log4j.appender.R.layout | The layout class for the Rolling File appender. |
| log4j.appender.R.layout.ConversionPattern | The log4j conversion pattern for the Rolling File appender. The sample pattern prefixes each event with a timestamp: %d{MMM dd HH:mm:ss} %c %m%n. |
Enabling the Syslog Appender
Uncomment the log4j.rootLogger entry and set its appender list to S so that only the Syslog appender is attached:
log4j.rootLogger=debug, S
Uncomment the following entries:
log4j.appender.S=org.apache.log4j.net.SyslogAppender
log4j.appender.S.Host=localhost
log4j.appender.S.Port=port
log4j.appender.S.Protocol=SSL
log4j.appender.S.SSLCertFile=/etc/opt/novell/mycert.pem
log4j.appender.S.Threshold=INFO
log4j.appender.S.Facility=USER
log4j.appender.S.layout=org.apache.log4j.PatternLayout
log4j.appender.S.layout.ConversionPattern=%c: %m%n
Log in to iManager and change the log levels.
For more information on changing log levels by using iManager, see Setting the Log Level and Maximum Log Size.
Restart eDirectory.
Enabling the Rolling File Appender
The Rolling File appender is preferred if the auditing solution is limited to an individual server. It is more reliable than the Syslog appender because events are first written to the local file system and a file connector then forwards them from the local file to the auditing server, so a network outage does not lose events.
Uncomment the log4j.rootLogger entry and set its appender list to R so that only the Rolling File appender is attached:
log4j.rootLogger=debug, R
Uncomment the following entries:
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=/var/opt/novell/eDirectory/log/cef-events.log
log4j.appender.R.MaxFileSize=100MB
log4j.appender.R.MaxBackupIndex=10
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c %m%n
Log in to iManager and change log levels.
For more information on changing log levels by using iManager, see Setting the Log Level and Maximum Log Size.
Restart eDirectory.
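The two procedures above (enabling the Syslog appender and the Rolling File appender) and the limits in the property table, as an added Python example that is not NetIQ code: it uncomments the entries of the chosen appenders, rewrites log4j.rootLogger, and then checks the parsed result against the limits the table states (Protocol values, INFO-only Threshold, 50MB to 4000MB cache size, 50 MB minimum MaxFileSize, MaxBackupIndex at most 10). The sample text is constructed from the sample file on this page; the port number used and the assumption that the Port placeholder is literally the word port are this example's own.

```python
"""Enable appenders in the engine/Remote Loader auditlogconfig.properties and
check the result against the limits the property table states.

Added example, not NetIQ code. The sample text is constructed from the sample
file on this page; the assumption that the Port placeholder is literally
'port' and the port number used in the demo are this example's own.
"""
import re

# Constructed copy of the shipped sample: every entry commented out.
SAMPLE = """\
# Set the level of the root logger to DEBUG and attach appenders.
#log4j.rootLogger=debug, S, R
#log4j.appender.S=org.apache.log4j.net.SyslogAppender
#log4j.appender.S.Host=localhost
#log4j.appender.S.Port=port
#log4j.appender.S.Protocol=SSL
#log4j.appender.S.SSLCertFile=/etc/opt/novell/mycert.pem
#log4j.appender.S.Threshold=INFO
#log4j.appender.S.Facility=USER
#log4j.appender.S.CacheEnabled=yes
#log4j.appender.S.CacheDir=/var/opt/novell/eDirectory
#log4j.appender.S.CacheMaxFileSize=500MB
#log4j.appender.S.layout=org.apache.log4j.PatternLayout
#log4j.appender.S.layout.ConversionPattern=%c: %m%n
#log4j.appender.R=org.apache.log4j.RollingFileAppender
#log4j.appender.R.File=/var/opt/novell/eDirectory/log/cef-events.log
#log4j.appender.R.MaxFileSize=100MB
#log4j.appender.R.MaxBackupIndex=10
#log4j.appender.R.layout=org.apache.log4j.PatternLayout
#log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c %m%n
"""


def enable_appenders(text, appenders, port=None):
    """Return `text` with log4j.rootLogger attached to `appenders` (e.g. ["S"] or
    ["S", "R"]) and every log4j.appender.<X> entry of those appenders uncommented.
    `port` replaces the 'port' placeholder of the Syslog appender (assumption)."""
    names = list(appenders)
    out = []
    for line in text.splitlines():
        body = line.lstrip("#").strip()
        if body.startswith("log4j.rootLogger="):
            line = "log4j.rootLogger=debug, " + ", ".join(names)
        elif any(body.startswith((f"log4j.appender.{a}=", f"log4j.appender.{a}."))
                 for a in names):
            line = body
            if port is not None and line.endswith(".Port=port"):
                line = line[:-len("port")] + str(port)
        out.append(line)
    return "\n".join(out) + "\n"


def parse_properties(text):
    """key=value lines; '#' lines and blank lines are ignored, as the page says."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def megabytes(value):
    """'500MB' -> 500; None if the value is not an integer number of MB."""
    m = re.fullmatch(r"(\d+)MB", value or "")
    return int(m.group(1)) if m else None


def check_properties(props):
    """Return a list of problems (empty means the configuration passes)."""
    problems = []
    root = props.get("log4j.rootLogger", "")
    attached = [a.strip() for a in root.split(",")[1:] if a.strip()]
    if not attached:
        problems.append("log4j.rootLogger attaches no appender; nothing will be logged")
    for a in attached:
        if f"log4j.appender.{a}" not in props:
            problems.append(f"appender {a} is attached but not defined")
    if "S" in attached:
        s = lambda k: props.get(f"log4j.appender.S.{k}")
        if s("Protocol") not in ("UDP", "TCP", "SSL"):
            problems.append(f"S.Protocol must be UDP, TCP or SSL, got {s('Protocol')!r}")
        elif s("Protocol") != "SSL":
            problems.append("S.Protocol is not SSL: audit events cross the network in cleartext")
        port = s("Port") or ""
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            problems.append(f"S.Port must be a port number, got {port!r}")
        if s("Threshold") != "INFO":
            problems.append("S.Threshold must be INFO, the only supported level")
        if s("CacheEnabled") not in ("yes", "no"):
            problems.append("S.CacheEnabled must be yes or no")
        elif s("CacheEnabled") == "yes":
            size = megabytes(s("CacheMaxFileSize"))
            if size is None or not 50 <= size <= 4000:
                problems.append("S.CacheMaxFileSize must be between 50MB and 4000MB")
            if not s("CacheDir"):
                problems.append("S.CacheEnabled=yes but S.CacheDir is not set")
    if "R" in attached:
        r = lambda k: props.get(f"log4j.appender.R.{k}")
        if not r("File"):
            problems.append("R.File is not set")
        size = megabytes(r("MaxFileSize"))
        if size is None or size < 50:
            problems.append("R.MaxFileSize must be an integer number of MB, at least 50MB")
        # The table gives 10 as the maximum; the comment in the sample file says 13.
        # This check uses the table's stricter figure.
        index = r("MaxBackupIndex") or ""
        if not index.isdigit() or int(index) > 10:
            problems.append("R.MaxBackupIndex must be between 0 and 10")
    return problems


if __name__ == "__main__":
    enabled = enable_appenders(SAMPLE, ["S", "R"], port=6514)
    print(enabled)
    print(check_properties(parse_properties(enabled)) or "OK")
```

Run it against a copy of the real file instead of SAMPLE to see which limits a hand-edited configuration breaks before restarting eDirectory; leaving the Port placeholder unchanged is reported as a problem, as is attaching an appender in log4j.rootLogger whose entries are still commented out.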
The following is a sample auditlogconfig.properties file for the Java Remote Loader and the Fanout Agent:
# Defines location of Syslog server.
#SyslogHost=localhost
#SyslogPort=port

# Specify protocol to be used (UDP/TCP/SSL)
#SyslogProtocol=TCP

# Specify SSL keystore file for SSL connection.
# File path should be given with double backslash.
#SyslogSSLKeystoreFile=/opt/netiq/idm/jre/lib/security/cacerts

# Specify SSL keystore password for SSL connection.
#SyslogSSLKeystorePassword=password

# Defines caching for SyslogAppender.
# Inputs should be yes/no
#CacheEnabled=yes

# Cache location directory
# Directory should be available for creating cache files
#CacheDir=/tmp/IDMcache

# Cache File Size
# Cache File size should be in the range of 50MB to 4000MB
#CacheRolloverSize=50

# Log file for appender
#FileAppenderFileName=/var/opt/novell/log/cef-events.log
The following table provides an explanation of each property in the auditlogconfig.properties file:
| Setting | Description |
|---|---|
| SyslogHost | The host name or IP address of the Syslog server to which audit events are sent. |
| SyslogPort | The port on the Syslog server to which the Remote Loader or Fanout Agent connects. If the connection to the Syslog server fails, Identity Manager cannot log events until the connection is restored. |
| SyslogProtocol | The transport protocol: UDP, TCP, or SSL. UDP and TCP send the audit events across the network in cleartext. |
| SyslogSSLKeystoreFile | The Java keystore file holding the certificate material used for the SSL connection. On Windows, write path separators as double backslashes. This setting is optional. |
| SyslogSSLKeystorePassword | The password of the keystore used for the SSL connection. It is stored in cleartext in this file, so restrict read access to the file. |
| CacheEnabled | Enables (yes) or disables (no) caching for the Syslog appender. |
| CacheDir | The directory in which cache files are created. The directory must already exist. |
| CacheRolloverSize | The maximum size of a cache file as an integer number of MB, without a unit suffix (for example, 50). The range is 50 to 4000. |
| FileAppenderFileName | The path of the log file written by the file appender. |
| AppendComponentName | Specifies whether the component name is prepended to each event message. Set this to Yes if you are using Sentinel as your auditing solution. |
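An added Python example, not NetIQ or Identity Manager code, for the Java Remote Loader and Fanout Agent format in the table above. SyslogSSLKeystorePassword sits in cleartext in this file and CacheDir holds audit events waiting to be shipped, so besides checking the limits the table states (protocol values, 50 to 4000 MB rollover size, existing cache and log directories) it verifies that neither the properties file nor the cache directory grants any access to group or others. The owner-only rule, the temporary directory layout, the file modes and the Yes/No values accepted for AppendComponentName are this example's own assumptions; note that the sample's CacheDir of /tmp/IDMcache lives under a world-writable directory, which is exactly the case the directory check is meant to catch.

```python
"""Check a Java Remote Loader / Fanout Agent auditlogconfig.properties.

Added example, not NetIQ code. Assumes the keys shown in the sample above;
the numeric limits are those the table states, the permission checks are
this example's own hardening rule (owner-only access to secrets and cache).
"""
import os
import tempfile

# Constructed sample in the Remote Loader / Fanout Agent format, with the
# Syslog entries enabled. Paths are filled in at run time by write_layout().
SAMPLE = """\
SyslogHost=localhost
SyslogPort=6514
SyslogProtocol=SSL
SyslogSSLKeystoreFile={keystore}
SyslogSSLKeystorePassword=password
CacheEnabled=yes
CacheDir={cachedir}
CacheRolloverSize=50
FileAppenderFileName={logfile}
AppendComponentName=Yes
"""


def parse_properties(text):
    """key=value lines; '#' lines and blank lines are ignored."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def group_or_other_access(path):
    """True if the mode bits grant anything to group or others."""
    return bool(os.stat(path).st_mode & 0o077)


def check_remote_loader(path):
    """Return a list of problems for the properties file at `path`."""
    problems = []
    with open(path) as f:
        props = parse_properties(f.read())
    # The keystore password is stored in cleartext, so the file must be private.
    if group_or_other_access(path):
        problems.append(f"{path} is accessible to group/others but holds "
                        "SyslogSSLKeystorePassword in cleartext")
    proto = props.get("SyslogProtocol")
    if proto not in ("UDP", "TCP", "SSL"):
        problems.append(f"SyslogProtocol must be UDP, TCP or SSL, got {proto!r}")
    elif proto != "SSL":
        problems.append("SyslogProtocol is not SSL: audit events cross the network in cleartext")
    else:
        keystore = props.get("SyslogSSLKeystoreFile", "")
        if not os.path.isfile(keystore):
            problems.append(f"SyslogSSLKeystoreFile {keystore!r} does not exist")
        if not props.get("SyslogSSLKeystorePassword"):
            problems.append("SyslogProtocol=SSL but SyslogSSLKeystorePassword is empty")
    port = props.get("SyslogPort", "")
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        problems.append(f"SyslogPort must be a port number, got {port!r}")
    if props.get("CacheEnabled", "").lower() == "yes":
        size = props.get("CacheRolloverSize", "")
        if not size.isdigit() or not 50 <= int(size) <= 4000:  # integer MB, per the table
            problems.append(f"CacheRolloverSize must be 50..4000 (MB), got {size!r}")
        cachedir = props.get("CacheDir", "")
        if not os.path.isdir(cachedir):
            problems.append(f"CacheDir {cachedir!r} does not exist")
        elif group_or_other_access(cachedir):
            # Cached audit events must not be readable or replaceable by other users.
            problems.append(f"CacheDir {cachedir!r} is accessible to group/others")
    logdir = os.path.dirname(props.get("FileAppenderFileName", "")) or "."
    if not os.path.isdir(logdir):
        problems.append(f"directory for FileAppenderFileName does not exist: {logdir!r}")
    if props.get("AppendComponentName", "no").lower() not in ("yes", "no"):
        problems.append("AppendComponentName must be Yes or No")
    return problems


def write_layout(base, file_mode, cache_mode):
    """Create keystore, cache dir and properties file under `base` with the given modes."""
    cachedir = os.path.join(base, "IDMcache")
    os.mkdir(cachedir)
    os.chmod(cachedir, cache_mode)
    keystore = os.path.join(base, "cacerts")
    open(keystore, "wb").close()
    path = os.path.join(base, "auditlogconfig.properties")
    with open(path, "w") as f:
        f.write(SAMPLE.format(keystore=keystore, cachedir=cachedir,
                              logfile=os.path.join(base, "cef-events.log")))
    os.chmod(path, file_mode)
    return path


def demo():
    """Owner-only layout versus a group/world-readable one; returns both problem lists."""
    private = check_remote_loader(write_layout(tempfile.mkdtemp(), 0o600, 0o700))
    exposed = check_remote_loader(write_layout(tempfile.mkdtemp(), 0o644, 0o755))
    return private, exposed


if __name__ == "__main__":
    for label, problems in zip(("private", "exposed"), demo()):
        print(label, problems or "OK")
```

Point check_remote_loader at the real file on the Remote Loader or Fanout Agent host to apply the same checks; the permission rule is a POSIX mode check and is meaningless on Windows, where the file's ACL has to be reviewed instead.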