9.1 Enabling Novell Auditing in iManager

To configure Novell Audit, do the following:

  1. Install iManager 3.0.

  2. Log in to iManager, navigate to Configure > iManager Server > Configure iManager, and click Add Authorized Users.

  3. Select Enable NetIQ Audit, and select the required iManager events to audit.

  4. From the eDirectory 9.0 installation package, install Platform Agent.

    NOTE: If your server already has a consumer of nauditpa.jar, perform the following steps:

    • Do not modify the logevent file (skip step 5).

    • Do not change the ownership of the naudit folder.

    • Add the novlwww user to the idvadmin group and create a .profile for the novlwww user with a umask setting of 0002.

  5. Modify the logevent file depending on your platform.

    • Linux: Perform the following actions:

      1. Edit the following entries in the /etc/logevent.conf file:

        LogHost=IP_Address_of_secure_logging_server
        JLogCacheDir=/var/opt/novell/naudit/jcache
        JLogCachePort=1287
        LogCachePort=1288
        LogJavaClassPath=/var/opt/novell/iManager/nps/WEB-INF/lib/NAuditPA.jar
        LogMaxBigData=8192
        LogEnginePort=1289
        LogCacheUnload=no
        LogCacheSecure=no
        LogCacheLimitAction=keep logging

      2. (Conditional) Manually create the naudit folder in the /var/opt/novell/ location.

        Change the ownership of the /var/opt/novell/naudit folder to novlwww by running the following command:

        chown -R novlwww:novlwww naudit/

    • Windows: Edit the following entries in the logevent.cfg file in the C:\Windows directory:

      LogHost=IP_Address_of_secure_logging_server
      JLogCacheDir=/var/opt/novell/naudit/jcache
      JLogCachePort=1287
      LogCachePort=1288
      LogJavaClassPath=/var/opt/novell/iManager/nps/WEB-INF/lib/NAuditPA.jar
      LogMaxBigData=8192
      LogEnginePort=1289
      LogCacheUnload=no
      LogCacheSecure=no
      LogCacheLimitAction=keep logging

  6. Depending on your platform, uncomment the following entries in the imanager_logging.xml file:

    • Linux: Uncomment the <appender-ref ref="NAUDIT_APPENDER"/> entry.

      The imanager_logging.xml file is located in the /var/opt/novell/iManager/nps/WEB-INF/ directory.

    • Windows: Uncomment the <appender-ref ref="NAUDIT_APPENDER"/> entry.

      The imanager_logging.xml file is located in the C:\Program Files (x86)\Novell\Tomcat\webapps\nps\WEB-INF\ directory.

    NOTE: Perform Step 7 to Step 9 if you are using iManager 3.0 SP3 or later. If you are using an earlier version of iManager, skip to Step 10.

  7. Create a user certificate for iManager using eDirectory. For more information, see Creating User Certificates in the NetIQ eDirectory Administration Guide.

  8. Export the certificate to .pfx format. For more information, see Importing a Public Key Certificate into a User Object in the NetIQ eDirectory Administration Guide.

  9. Extract the private key to the imanipkey.pem file and the certificate to the imanicert.pem file. Copy the generated files (imanicert.pem and imanipkey.pem) to the respective folders on the iManager server.

    For Windows:

    • c:\windows\imanicert.pem

    • c:\windows\imanipkey.pem

    For Linux:

    • /etc/imanicert.pem

    • /etc/imanipkey.pem

    Use the following commands to extract the private key and the certificate:

    • To extract private key: openssl pkcs12 -in imanP12File.pfx -nocerts -out imanipkey.pem -nodes

    • To extract certificate: openssl pkcs12 -in imanP12File.pfx -clcerts -nokeys -out imanicert.pem

  10. Restart Tomcat.

  11. Verify that the events are logged to the logging server.

    • Linux: Stop jcache and restart Tomcat. Generate events and check the logging server.

    • Windows: Generate events and check the logging server.
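The following POSIX shell functions are an added example, not part of the NetIQ documentation: one checks a logevent.conf (Step 5) for the ten entries listed above and for a LogHost still set to the placeholder, the other checks that the imanicert.pem and imanipkey.pem files produced in Step 9 belong together and that the unencrypted key is readable by its owner only. File paths are passed as arguments; the second function assumes the openssl command is installed.

```shell
#!/bin/sh
# Added example (not part of the NetIQ documentation): pre-restart checks for
# the files this procedure produces. Paths and file names are arguments.

# Step 5: verify that every entry listed above is present in logevent.conf
# and that LogHost no longer holds the documentation placeholder.
# Prints one line per problem; returns 0 only when nothing was found.
check_logevent_conf() {
    conf=$1; rc=0
    for key in LogHost JLogCacheDir JLogCachePort LogCachePort \
               LogJavaClassPath LogMaxBigData LogEnginePort \
               LogCacheUnload LogCacheSecure LogCacheLimitAction; do
        # last uncommented assignment wins; strip CR (Windows files), take value after '='
        value=$(grep -E "^[[:space:]]*$key=" "$conf" | tail -n 1 | tr -d '\r' | cut -d= -f2-)
        if [ -z "$value" ]; then
            echo "missing: $key"; rc=1; continue
        fi
        case $key in
            LogHost)
                [ "$value" = IP_Address_of_secure_logging_server ] &&
                    { echo "placeholder: LogHost not set to a real logging server"; rc=1; } ;;
            *Port)
                case $value in
                    *[!0-9]*) echo "not numeric: $key=$value"; rc=1 ;;
                esac ;;
        esac
    done
    return $rc
}

# Step 9: confirm that imanicert.pem and imanipkey.pem belong together and
# that the key (written unencrypted by "openssl pkcs12 -nodes") is readable
# by its owner only. Requires the openssl command.
check_cert_key_pair() {
    cert=$1; key=$2
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "mismatch: $cert does not match $key"; return 1; }
    # characters 5-10 of "ls -l" output are the group/other permission bits
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "permissions: $key is readable by group or other"; return 1; }
    return 0
}

# usage: check_logevent_conf /etc/logevent.conf && check_cert_key_pair /etc/imanicert.pem /etc/imanipkey.pem
```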