3.9 Logging to OpenXDAS

NOTE: Support for OpenXDAS will be deprecated from Identity Manager 4.6.

To use OpenXDAS for logging events, you must install, configure, then enable OpenXDAS in the User Application. To learn about:

  • Installing OpenXDAS, see the OpenXDAS instructions at OpenXDAS.org.

  • Configuring OpenXDAS logging, see the “OpenXDAS Logger Configuration” in the OpenXDAS User’s Manual.

    The OpenXDAS daemon or service (xdasd) must be running when you start the User Application (if you have enabled OpenXDAS logging). For this reason, you should configure the OpenXDAS daemon to start automatically.

    • On Linux, use the /etc/init.d/xdasd start command to start the daemon. To start it automatically, change the runlevel using the “System Services” editor (SUSE) or directly edit the /etc/init.d/rc* directories.

    • On Windows, install as a service, or use the command-line options on xdasd.exe to create the service. See “Command Line Configuration” in the OpenXDAS User’s Manual.

    If your OpenXDAS daemon/service is not running and you are configured for OpenXDAS logging, you'll get an error stack trace and the User Application might not start successfully. The error message looks like this:

    "ERROR [com.sssw.fw.servlet.Boot:contextInitialized] Unable to configure logging. com.novell.soa.common.LocalizedRuntimeException: Error Initializing OpenXDAS Audit." 

3.9.1 Using OpenXDAS with Sentinel

To use OpenXDAS with Sentinel, you must configure the netstream logger. The netstream logger is undocumented, but it is required to send XDAS audit messages to a Sentinel server. The netstream logger does not perform any encryption, so the stream needs to be secured in another way (for example, an SSH tunnel).

You must specify netstream entries in the xdasd.conf file for the loggers, server, and port. For example, on Linux:

xdasd.loggers=/usr/lib64/openxdas/libxdm_netstream.so
xdasd.loggers.netstream.server = 151.155.226.50
xdasd.loggers.netstream.port = 1468

On Windows, the server and port entries are the same, but the location of the xdasd.loggers entry is different. For example, on Windows:

xdasd.loggers=c:\Program Files\OpenXDAS\Loggers\xdm_netstream.dll
xdasd.loggers.netstream.server = 151.155.226.50
xdasd.loggers.netstream.port = 1468

NOTE: On Windows, you must move the xdasd.conf file to the c:\windows folder. If you do not, xdasd.exe is unable to locate it.
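Because the netstream logger sends audit records unencrypted, it is worth checking xdasd.conf before the daemon is started. The following is an added example, not part of the OpenXDAS or Identity Manager documentation: it parses the three netstream entries shown above and reports a server that is not a loopback address. It assumes that a tunnel endpoint (such as an SSH tunnel) listens on the local host and that lines beginning with # are comments.

```python
import ipaddress

REQUIRED = ("xdasd.loggers", "xdasd.loggers.netstream.server",
            "xdasd.loggers.netstream.port")

def parse_conf(text):
    """Parse key=value lines; spaces around '=' are optional, as on this page."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments are an assumption
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def audit_netstream(text):
    """Return a list of findings for the netstream logger settings."""
    conf = parse_conf(text)
    findings = [f"missing entry: {k}" for k in REQUIRED if k not in conf]
    if findings:
        return findings
    if "netstream" not in conf["xdasd.loggers"].lower():
        findings.append("xdasd.loggers does not load the netstream module")
    port = conf["xdasd.loggers.netstream.port"]
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        findings.append(f"invalid port: {port}")
    server = conf["xdasd.loggers.netstream.server"]
    try:
        local = ipaddress.ip_address(server).is_loopback
    except ValueError:  # not an IP literal, so compare as a host name
        local = server.lower() == "localhost"
    if not local:
        findings.append(f"cleartext audit stream to {server}: "
                        "secure it another way (for example, an SSH tunnel)")
    return findings

# Constructed samples: the page's Linux example, and a variant that assumes
# an SSH tunnel listens on the loopback address and forwards to Sentinel.
DIRECT = """xdasd.loggers=/usr/lib64/openxdas/libxdm_netstream.so
xdasd.loggers.netstream.server = 151.155.226.50
xdasd.loggers.netstream.port = 1468
"""
TUNNELED = DIRECT.replace("151.155.226.50", "127.0.0.1")

if __name__ == "__main__":
    for name, text in (("direct", DIRECT), ("tunneled", TUNNELED)):
        print(name, audit_netstream(text) or "ok")
```

A finding for a non-loopback server does not mean the configuration is wrong, only that encryption has to be provided at another layer between the host and the Sentinel server.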

3.9.2 Enabling OpenXDAS Logging in the User Application

You can enable OpenXDAS logging in your Identity Manager User Application in two ways:

  • Select OpenXDAS as a logging option during the installation procedure.

  • Enable OpenXDAS logging using the User Application Administration (described next).

To enable OpenXDAS logging, perform the following actions:

  1. Log in to the User Application as the User Application Administrator.

  2. Select the Administration tab.

  3. Select the Logging link.

  4. Select the Also send logging messages to OpenXDAS check box (near the bottom of the page).

  5. To save the changes for any subsequent application server restarts, make sure Persist the logging changes is selected.

  6. Click Submit.

    NOTE: To enable logging for Role events, the Role Service driver Generate audit events property must be selected. For more information on this property, see Section 2.7.1, Role Service Driver Configuration.

For troubleshooting information, see Section 25.2, Troubleshooting Open XDAS Logging.