3.3 Logging to OpenXDAS

To use OpenXDAS for logging events, you must install, configure, then enable OpenXDAS in the User Application. To learn about:

  • Installing OpenXDAS, see the installation instructions at OpenXDAS.org

  • Configuring OpenXDAS logging, see the “OpenXDAS Logger Configuration” in the OpenXDAS User’s Manual.

    The OpenXDAS daemon or service (xdasd) must be running when you start the User Application (if you have enabled OpenXDAS logging). For this reason, you should configure the OpenXDAS daemon to start automatically.

    • On Linux, use the /etc/init.d/xdasd start command to start the daemon. To start it automatically, change the runlevel using the “System Services” editor (SUSE) or directly edit the /etc/init.d/rc* directories.

    • On Windows, install as a service, or use the command-line options on xdasd.exe to create the service. See “Command Line Configuration” in the OpenXDAS User’s Manual.

    If the OpenXDAS daemon or service is not running and OpenXDAS logging is enabled, you get an error stack trace and the User Application might not start successfully. The error message looks like this:

    "ERROR [com.sssw.fw.servlet.Boot:contextInitialized] Unable to configure logging. com.novell.soa.common.LocalizedRuntimeException: Error Initializing OpenXDAS Audit." 

3.3.1 Using OpenXDAS with Sentinel

To use OpenXDAS with Sentinel, you must configure the netstream logger. The netstream logger is undocumented, but it is required to send XDAS audit messages to a Sentinel server. The netstream logger does not encrypt the stream, so you must secure it by other means (for example, an SSH tunnel).

You must specify netstream entries in the xdasd.conf file for the loggers, server, and port. For example, on Linux:

xdasd.loggers=/usr/lib64/openxdas/libxdm_netstream.so
xdasd.loggers.netstream.server = 151.155.226.50
xdasd.loggers.netstream.port = 1468

On Windows, the server and port entries are the same, but the location of the xdasd.loggers entry is different. For example, on Windows:

xdasd.loggers=c:\Program Files\OpenXDAS\Loggers\xdm_netstream.dll
xdasd.loggers.netstream.server = 151.155.226.50
xdasd.loggers.netstream.port = 1468

NOTE: On Windows, you must move the xdasd.conf file to the c:\windows folder. If you do not, the xdasd.exe is unable to locate it.
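As an added example (not part of this guide or of the OpenXDAS project), a small Python check that parses xdasd.conf entries of the form shown above and reports what would keep xdasd from reaching Sentinel, together with the unencrypted-stream caveat. The key names are taken from the examples above; the sample configuration text is constructed from the Linux example.

```python
from typing import Dict, List

# Keys the User Application's netstream logger needs in xdasd.conf
# (key names are those used in the configuration examples above).
LOGGERS_KEY = "xdasd.loggers"
SERVER_KEY = "xdasd.loggers.netstream.server"
PORT_KEY = "xdasd.loggers.netstream.port"

# Constructed sample: the Linux example from this section, as xdasd.conf text.
LINUX_CONF = """\
xdasd.loggers=/usr/lib64/openxdas/libxdm_netstream.so
xdasd.loggers.netstream.server = 151.155.226.50
xdasd.loggers.netstream.port = 1468
"""

def parse_xdasd_conf(text: str) -> Dict[str, str]:
    """Parse 'key=value' and 'key = value' lines; blanks and '#' comments are skipped."""
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            entries[key.strip()] = value.strip()
    return entries

def check_netstream(entries: Dict[str, str]) -> List[str]:
    """Return 'ERROR:' findings that would stop xdasd from reaching Sentinel, plus a
    'WARN:' reminder that the netstream logger itself provides no encryption."""
    findings: List[str] = []
    if "xdm_netstream" not in entries.get(LOGGERS_KEY, ""):  # .so on Linux, .dll on Windows
        findings.append(f"ERROR: {LOGGERS_KEY} does not load the netstream module")
    if not entries.get(SERVER_KEY):
        findings.append(f"ERROR: {SERVER_KEY} is missing or empty")
    port = entries.get(PORT_KEY)
    if port is None:
        findings.append(f"ERROR: {PORT_KEY} is missing")
    elif not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append(f"ERROR: {PORT_KEY} value {port!r} is not a valid TCP port")
    findings.append("WARN: netstream is unencrypted; protect the stream (e.g. SSH tunnel)")
    return findings

def errors_only(findings: List[str]) -> List[str]:
    return [f for f in findings if f.startswith("ERROR:")]  # warnings do not block startup

if __name__ == "__main__":
    print(check_netstream(parse_xdasd_conf(LINUX_CONF)))
```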

3.3.2 Enabling OpenXDAS Logging in the User Application

You can enable OpenXDAS logging in your Identity Manager User Application in two ways:

  • Select OpenXDAS as a logging option during the installation procedure.

  • Enable OpenXDAS logging using the User Application Administration (described next).

  1. Log in to the User Application as the User Application Administrator.

  2. Select the Administration tab.

  3. Select the Logging link.

  4. Select the Also send logging messages to OpenXDAS check box (near the bottom of the page).

  5. To save the changes for any subsequent application server restarts, make sure Persist the logging changes is selected.

  6. Click Submit.

    NOTE: To enable logging for Role events, the Role Service driver Generate audit events property must be selected. For more information on this property, see Section 2.10.1, Role Service Driver Configuration.

3.3.3 Troubleshooting

If you enable OpenXDAS logging, but the OpenXDAS daemon is not running, the User Application fails to start. View the xdasd.log to verify that XDAS started successfully or to determine the reason for an unsuccessful start.

If you stop OpenXDAS and restart it, you must also stop and restart the User Application. If you do not restart the User Application, the connection between OpenXDAS and the User Application is lost, so no User Application events are logged.

Table 3-1 Commands for Starting/Stopping the XDASD daemon/service

  Action          Command
  To start XDAS   xdasd -s
  To stop XDAS    xdasd -x