To log to a Novell Audit or Sentinel server:
Add the Identity Manager application schema to the Novell Audit server as a log application
This step applies to Novell Audit only. For more information, see Section 3.2.1, Adding the Identity Manager Application Schema to your Novell Audit Server as a Log Application
Configure the Novell Audit platform agent on your application server
The Platform Agent is required on any client that reports events to Novell Audit or Sentinel. You configure the platform agent through the logevent configuration file. This file provides the configuration information that the platform agent needs to communicate with the Novell Audit server. The default location for this file, on the application server, is:
Linux: /etc/logevent.conf
Windows: /<WindowsDir>/logevent.cfg (Usually c:\windows)
Specify the following four properties:
LogHost: The IP address or DNS name of your Novell Audit or Sentinel server. For example:
LogHost=xxx.xxx.xxx.xxx
LogJavaClassPath: The location of the lcache jar file NAuditPA.jar. For example:
LogJavaClassPath=/opt/novell/idm/NAuditPA.jar
LogCacheDir: Specifies where lcache stores cache files. For example:
LogCacheDir=/opt/novell/idm/naudit/cache
LogCachePort: Specifies the port on which lcache listens for connections. The default is 288, but on a Linux server, set the port number to a value greater than 1000. For example:
LogCachePort=1233
LogMaxBigData: Specifies the maximum number of bytes that the client will allow; larger amounts of logging data are truncated. The default value is 3072 bytes, but you should change this to at least 8192 bytes to handle a typical form that has approximately 15 fields on a half page. For example:
LogMaxBigData=8192
IMPORTANT: If your data is very large, you may want to increase this value. If you are logging events that include digital signatures, it is critical that the value of LogMaxBigData be large enough to handle the data being logged.
Specify any other settings needed for your environment.
NOTE: You must restart the Platform Agent any time you change the configuration.
For more information about the structure of the logevent configuration file, see the section on configuring platform agents in the section on the logging system in the Novell Audit Administration Guide.
Enable Novell Audit or Sentinel logging.
This step applies to both Novell Audit and Sentinel. For more information, see Section 3.2.2, Enabling Audit or Sentinel Logging.
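As an added check that is not part of the Novell documentation: a POSIX shell function that reads a logevent.conf and flags the step 2 settings that are missing or left at values this section warns against (LogCachePort not above 1000 on Linux, LogMaxBigData below 8192). The two sample configuration files and the 192.0.2.10 address are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the Novell documentation: check a logevent.conf
# for the settings this section calls for before restarting the Platform Agent.
# Assumes the key=value layout shown above; the two sample files are constructed.

check_logevent_conf() {
    conf="$1"; rc=0
    # Last value wins if a key is repeated; CR stripped in case the file was edited on Windows.
    get() { sed -n "s/^[[:space:]]*$1=//p" "$conf" | tr -d '\r' | tail -n 1; }

    for key in LogHost LogJavaClassPath LogCacheDir; do
        [ -n "$(get "$key")" ] || { echo "$conf: $key is not set"; rc=1; }
    done

    port=$(get LogCachePort)
    case "$port" in
        ''|*[!0-9]*) echo "$conf: LogCachePort missing or not numeric"; rc=1 ;;
        *) [ "$port" -gt 1000 ] || { echo "$conf: LogCachePort=$port; use a port above 1000 on Linux"; rc=1; } ;;
    esac

    big=$(get LogMaxBigData)
    case "$big" in
        ''|*[!0-9]*) echo "$conf: LogMaxBigData missing or not numeric (3072-byte default truncates form data)"; rc=1 ;;
        *) [ "$big" -ge 8192 ] || { echo "$conf: LogMaxBigData=$big; raise to at least 8192 or large events are truncated"; rc=1; } ;;
    esac
    return $rc
}

SAMPLE_DIR=$(mktemp -d)
GOOD_CONF="$SAMPLE_DIR/good.conf"
WEAK_CONF="$SAMPLE_DIR/weak.conf"
# Constructed sample with the values recommended in this section.
cat > "$GOOD_CONF" <<'EOF'
LogHost=192.0.2.10
LogJavaClassPath=/opt/novell/idm/NAuditPA.jar
LogCacheDir=/opt/novell/idm/naudit/cache
LogCachePort=1233
LogMaxBigData=8192
EOF
# Constructed sample that kept the defaults (port 288, 3072-byte limit) and omits LogCacheDir.
cat > "$WEAK_CONF" <<'EOF'
LogHost=192.0.2.10
LogJavaClassPath=/opt/novell/idm/NAuditPA.jar
LogCachePort=288
LogMaxBigData=3072
EOF

check_logevent_conf "$GOOD_CONF" && echo "$GOOD_CONF: ok"
check_logevent_conf "$WEAK_CONF" || echo "$WEAK_CONF: fix before restarting the Platform Agent"
```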
If you are using Novell Audit (not Sentinel), you need to add the schema to your Novell Audit Server as a log application. This section applies to Novell Audit only.
To configure Audit to use the Identity Manager User Application as a log application:
Locate the following file:
dirxml.lsc
This file is located in the Identity Manager User Application installation directory after the install, for example /opt/novell/idm.
Use a Web browser to access an iManager with the Novell Audit plug-in installed, and log in as an administrator.
Go to and select . Browse to the Logging Services container in your tree and select the appropriate Audit Secure Logging Server. Then click . Go to the tab, select the appropriate Container Name, and click the link. When the New Log Application dialog box displays, specify the following:
| For this setting | Do this |
|---|---|
| | Type any name that is meaningful for your environment |
| | Use the dirxml.lsc file button to select the |
Click . The displays the added application name. Click to complete your Novell Audit server configuration. Make sure the status on the Log Application is set to ON. (The circle under the status should be green. If it is red, click it to switch it to ON.)
Restart the Novell Audit server to activate the new log application settings.
To enable Novell Audit or Sentinel logging in your Identity Manager User Application:
Log in to the User Application as the User Application Administrator.
Select the tab. Select the link. Select the check box (near the bottom of the page). To save the changes for any subsequent application server restarts, make sure is selected. Click .
NOTE: To enable logging for Role events, the Role Service driver Generate audit events property must be selected. For more information on this property, see Section 2.10.1, Role Service Driver Configuration.
If you log events to the Novell Audit database channel, you can run reports on the data. There are several ways to generate reports against data logged to a Novell Audit database:
Use the Novell Audit Report application to run your own reports or to run the predefined reports described in Predefined Log Reports for Novell Audit.
Write queries against the logged data by using iManager to select (Novell Audit only).
Write your own SQL queries against the logged data.
Produce Identity Manager reports in Sentinel (see Sentinel Reports).
The default Novell Audit table is called NAUDITLOG.
The following predefined log reports are created in Crystal Reports (.rpt) format for filtering data logged to the Novell Audit database:
| Report Name | Description |
|---|---|
| Administrative Action | Shows all administrative actions initiated from the Identity Manager User Application portal. This report includes the administrator who initiated the action. It excludes any administrative changes made using iManager or the Designer for Identity Manager. |
| Historical Approval Flow | Shows all approval flow activities for a specified time frame. |
| Resource Provisioning | Shows all provisioning activities, sorted by resource. |
| User Audit Trail | Shows all activity relating to a user. Activities include both provisioning and self-service activities. |
| Specific User Provisioning | Shows all provisioning activities for a specific user. |
| User Provisioning | Shows all provisioning activities, sorted by user. |
The following graphic shows an example of the Specific User Audit Trail report:
Figure 3-1 Sample Audit Trail Report
The report files are in the following locations:
| Platform | Location |
|---|---|
| Windows | /nt/dirxml/reports |
You can use these reports as templates for creating custom reports in the Crystal Reports Designer, or you can run the reports using Audit Report (lreport.exe), a Windows program supplied with Novell Audit. The predefined reports query data from the default Novell Audit log database named naudit and a database table named nauditlog. If your Novell Audit log database has a different name, use the menu item in Crystal Reports Designer to replace the naudit database name with the one used in your environment.
For more information, see the section on working with reports in the Novell Audit documentation.
If you have configured the platform agent to send events to Sentinel, you can produce the following reports about Identity Manager events in Sentinel:
Account_Access_Assignments_[Oracle/SQL].rpt
Collector_Pack_Audit_Trail_[Oracle/SQL].rpt
Object_Provisioning_[Oracle/SQL].rpt
Periodic_Password_Change_Violations_[Oracle/SQL].rpt
Self_Password_Changes_[Oracle/SQL].rpt
User_Account_Provisioning_[Oracle/SQL].rpt
Account_Trust_Assignments_[Oracle/SQL].rpt
Collector_Pack_Status_Dashboard_[Oracle/SQL].rpt
Password_Management_[Oracle/SQL].rpt
Periodic_Password_Change_Violations_Test_[Oracle/SQL].rpt
Top_10_Dashboard_[Oracle/SQL].rpt
User_Status_Management_[Oracle/SQL].rpt
Administrative_Activity_[Oracle/SQL].rpt
Configuration_Changes_[Oracle/SQL].rpt
Password_Resets_[Oracle/SQL].rpt
Resource_Request_Errors_[Oracle/SQL].rpt
Top_10_Object_Access_Dashboard_[Oracle/SQL].rpt
Workflow_Proxy_Delegation_Management_[Oracle/SQL].rpt
Authentication_by_Server_[Oracle/SQL].rpt
Event_Count_Trend_[Oracle/SQL].rpt
Per_Object_Modification_[Oracle/SQL].rpt
Resource_Requests_Rejected_[Oracle/SQL].rpt
Trust_Access_Assignments_[Oracle/SQL].rpt
Authentication_by_User_[Oracle/SQL].rpt
Inactive_Users_[Oracle/SQL].rpt
Per_Trust_Modification_[Oracle/SQL].rpt
Resource_Requests_by_Process_[Oracle/SQL].rpt
Trust_Management_[Oracle/SQL].rpt
Collector_Management_[Oracle/SQL].rpt
Inactive_Users_Test_[Oracle/SQL].rpt
Per_User_Modification_[Oracle/SQL].rpt
Resource_Requests_by_User_[Oracle/SQL].rpt
Trust_Provisioning_[Oracle/SQL].rpt
You can access the full set of reports by downloading the Novell Identity Manager collector pack.