Common Event Format (CEF) Audit comes with iManager by default. CEF Audit captures data about the following events:
Added Authorized User
Successful Login
Successful NPM Install
Startup iManager
Failed SSL Connection
Logout
Changed Configuration
Successful NPM Upload
Failed Login
Failed NPM Install
Shutdown iManager
To enable CEF audit for iManager:
Log in to iManager.
Click Configure > iManager Server > Configure iManager.
In the Configure iManager page, on the Security tab, select Enable CEF Audit.
Select the events you want to record, and then click Save.
Table 9-2 lists the default location of the auditconfig.properties file in different operating systems. You can customize the file according to your requirements.
Table 9-6 Location of the CEF Configuration File
Operating System | File |
---|---|
Linux | /var/opt/novell/iManager/nps/WEB-INF/imanager_logging.xml |
Windows | c:\Program Files\Novell\Tomcat\webapps\nps\WEB-INF\imanager_logging.xml |
Linux and Windows Workstation | <unzipped workstation folder>\imanager\tomcat\webapps\nps\WEB-INF\imanager_logging.xml |
Table 9-3 lists the CEF configuration files.
Table 9-7 CEF Configuration File
Options | Name |
---|---|
Syslog Appender | CEFSyslog |
Rolling File Appender | CEF_FILE_APPENDER |
The following table provides an explanation of each setting in the imanager_logging.xml file.
Table 9-8 Syslog Settings
Setting | Description |
---|---|
syslogHost | IP address of the host on which the Audit server is running. |
syslogProtocol | The protocol that must be used for communication (UDP/TCP/SSL). |
syslogSslKeystoreFile | Location of the keystore file. (Used only for SSL.) |
syslogSslKeystorePassword | Password for the keystore file. (Used only for SSL.) |
Threshold | Specifies the minimum log level allowed in the Syslog appender. Currently, INFO log level is supported. |
Facility=USER | Specifies the type of facility. The facility is used to try to classify the message. Currently, USER facility is supported. These values may be specified as upper or lower case characters. |
Layout | Layout setting for Syslog appender. |
Table 9-9 File Appender Settings
Setting | Description |
---|---|
File= ${catalina.home}/logs/imanager_cef.log | The default location of the log file for a File appender |
MaxFileSize=10MB | The maximum size, in MBs, of the log file for a File appender. Set this value to the maximum size that the client allows. |
MaxBackupIndex=10 | Specifies the maximum number of backup files for a File appender. The maximum number of the backup files can be 10. If the value of MaxBackupIndex is set to 0, no backup file will be created. |
layout class=org.apache.log4j.PatternLayout | Layout setting for File appender. |
ConversionPattern="%d{MMM dd yyyy HH:mm:ss} %m%n" | Layout setting for File appender. |
For information about the conversion patterns and their descriptions, see logging.apache.org.
To enable the CEFSyslog appender, make the following changes in the imanager_logging.xml file:
Edit the following entries:
<param name="Facility" value="user"/>
<param name="syslogHost" value="192.168.1.5:1468"/>
<param name="syslogProtocol" value="tcp"/>
<param name="syslogSslKeystoreFile" value="/root/Desktop/sentinel/mykeystore.jks"/>
<param name="syslogSslKeystorePassword" value="novell"/>
<param name="Threshold" value="INFO"/>
Log in to iManager and change the log events.
To enable the File appender, make the following changes in the imanager_logging.xml file:
Edit the following entries:
<param name="File" value="${catalina.home}/logs/imanager.log"/>
<param name="Append" value="true" />
<param name="MaxFileSize" value="10MB" />
<param name="MaxBackupIndex" value="10" />
You can customize the File value on either of the following platforms:
Linux: /home/imanager_cef.log
Windows: C:\\<directory>\\imanager_cef.log
Select the desired event from iManager and save changes.
NOTE: The Failed SSL Connection CEF event is logged multiple times because several attempts are made internally to establish an LDAP connection.
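The following Python check is an added example, not part of the product documentation: it reads the CEFSyslog and CEF_FILE_APPENDER settings described above and flags values that weaken the audit trail. The enclosing <appender> elements and the placeholder class names in the sample are assumptions based on the log4j XML format, and the sample is constructed from the entries shown on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the entries shown on this page. The <appender>
# wrapper and class names are assumed placeholders, not taken from the product.
SAMPLE = """<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="CEFSyslog" class="example.PlaceholderSyslogAppender">
    <param name="Facility" value="user"/>
    <param name="syslogHost" value="192.168.1.5:1468"/>
    <param name="syslogProtocol" value="tcp"/>
    <param name="syslogSslKeystoreFile" value="/root/Desktop/sentinel/mykeystore.jks"/>
    <param name="syslogSslKeystorePassword" value="novell"/>
    <param name="Threshold" value="INFO"/>
  </appender>
  <appender name="CEF_FILE_APPENDER" class="example.PlaceholderFileAppender">
    <param name="File" value="${catalina.home}/logs/imanager_cef.log"/>
    <param name="MaxFileSize" value="10MB"/>
    <param name="MaxBackupIndex" value="0"/>
  </appender>
</log4j:configuration>"""

def appender_params(xml_text):
    """Map appender name -> {param name: value with whitespace stripped}."""
    root = ET.fromstring(xml_text)
    return {a.get("name"): {p.get("name"): (p.get("value") or "").strip()
                            for p in a.findall("param")}
            for a in root.iter("appender")}

def audit(xml_text):
    """Return a list of findings for the two CEF appenders."""
    cfg, findings = appender_params(xml_text), []
    sysl = cfg.get("CEFSyslog")
    if sysl is not None:
        proto = sysl.get("syslogProtocol", "").lower()
        if proto != "ssl":
            findings.append(f"CEFSyslog: syslogProtocol={proto or 'unset'} sends audit events unencrypted")
        elif not (sysl.get("syslogSslKeystoreFile") and sysl.get("syslogSslKeystorePassword")):
            findings.append("CEFSyslog: ssl selected but keystore file or password is missing")
        if sysl.get("syslogSslKeystorePassword") == "novell":
            findings.append("CEFSyslog: keystore password is the documentation sample value")
    fa = cfg.get("CEF_FILE_APPENDER")
    if fa is not None and fa.get("MaxBackupIndex") == "0":
        findings.append("CEF_FILE_APPENDER: MaxBackupIndex=0 keeps no backup files after rotation")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The keystore password is stored in imanager_logging.xml as a plain param value, so read access to that file should be limited to the account that runs iManager.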