The Novell SecureLogin Event Service is a client based tool that can periodically poll the Windows Event Log, retrieve the SecureLogin events, and send them to the Audit server. In Sentinel Log Manager you can view all or specific SecureLogin event logs that are sent from every system that runs this tool.
Using this tool avoids configuring Sentinel Connector for all the Windows systems in a large deployment via the WMS connector; and also prevents the workload of Sentinel Collector Manager from making multiple connections to each machines to pull logs. In addition, as this service can be run or stopped as required, it allows efficient functioning of other processes as well. The tool runs independently without any supporting applications and additional configurations.
NOTE:Apart from Sentinel Log Manager, other syslog servers also can use this tool.
The event service tool uses the connection settings specified in the nslevtsvc.ini file. On a Windows XP machine, the default location of the file is, C:\Documents and Settings\All Users\Application Data\Novell\SecureLogin Event Service\. On a Windows Vista or a Windows 7 machine, the default location of the file is, C:\ProgramData\Novell\SecureLogin Event Service\.
When restarted, this tool starts retrieving the events from the position at which the tool stopped retrieving events, and pushes the received events to the Audit server.
You can configure the tool to send the events via a TCP or SSL connection to the Audit server. The tool sends the events in the JSON format, which allows sending the event data with advanced data structures.
As part of the SecureLogin installation, the Event Service tool also gets installed.
NOTE:To install Novell SecureLogin without SecureLogin Event Service, use the command msiexec /i "Novell SecureLogin.msi" X_NSLEVTSVC="No".
You can choose to configure the connection settings either by using the MSI command line switch, or by changing the INI file.
You can change the connection settings for the SecureLogin Event Service by using the msi package via command line.
Open the the command prompt and go to the location where Novell SecureLogin.msi is available.
To specify values for the server, port, and connection method, run the following command:
msiexec /i "Novell SecureLogin.msi" NSLEVTSVCSRV=ip-address
NSLEVTSVCPORT=port NSLEVTSVCSSL=true or false
In this command, replace ip-address with the IP address of the server, port with the port to which events will be pushed, true to enable the secure connection or false to use the TCP connection.
After installing, you can configure the connection settings by changing connection details.
Go to the location where the nslevtsvc.ini file is available .
Open the nslevtsvc.ini file in a text editor.
Specify the values for the server, port and use_ssl properties.
To activate the SecureLogin Event Service, restart the service or the system.