Environment
Novell Audit 2.0.2 Platform Agent
Novell eDirectory 8.8 for Linux
Novell Identity Manager Identity Manager 3.0
Novell SUSE Linux Enterprise Server 9
Situation
IDM events were being logged by Novell Audit.
Upgraded IDM, and since the upgrade, IDM events are no longer
being saved in Novell Audit.
The fix below has been implemented, but now ndsd is consuming
all CPU resources.
Resolution
The problem is that the IDM install will lay down a
logevent.conf file that has the following setting:
LogHost=Not Configured
What this essentially does is it tells the local auditing
pieces that auditing is not configured and any events that come
into logevent should be discarded.
FIX:
To fix the problem, please do the following:
1.) Make sure you are root.
2.) Go to /etc/ and open the logevent.conf file.
You can use vi to edit the logevent.conf file.
3.) Change the LogHost=Not Configured entry to be
LogHost=.
4.) Stop and start eDirectory (ndsd).
5.) If events don't start after starting ndsd, you may
need to restart your server.
6.) If you experience high CPU utlization in ndsd,
please see the "Additional Notes" section below.
Additional Information
a.) Login to iManager. Typically this is done athttp:///nps/iManager.html .
b.) Click on the "Auditing and Logging" link. Click on the "Logging Server Options". Browse to your Secure Logging Server (SLS) object. Normally the SLS is located in the"Logging Services" container just off of root. Once you have your SLS, click on the "OK" button.
c.) Click on the "Log Applications" tab. Put a check mark next to the log application you wish to delete. In this case it will be Identity Manager. Click on the "Application Actions" link and click on "Delete". You may be prompted to confirm you selection.
d.) Once the application has been deleted, put a check mark next to "Applications" and click on the "Application Actions" link. Select "New". Put in the name of the application (Identity Manager). Then browse out to where your LSC file is contained. The Identity Manager instrumentation's LSC file is dirxml.lsc. Once you have selected the Identity Manager LSC file, click on the OK button.
e.) Now that you have your log application installed, shutdown and restart the SLS (lengine).
b.) Click on the "Auditing and Logging" link. Click on the "Logging Server Options". Browse to your Secure Logging Server (SLS) object. Normally the SLS is located in the"Logging Services" container just off of root. Once you have your SLS, click on the "OK" button.
c.) Click on the "Log Applications" tab. Put a check mark next to the log application you wish to delete. In this case it will be Identity Manager. Click on the "Application Actions" link and click on "Delete". You may be prompted to confirm you selection.
d.) Once the application has been deleted, put a check mark next to "Applications" and click on the "Application Actions" link. Select "New". Put in the name of the application (Identity Manager). Then browse out to where your LSC file is contained. The Identity Manager instrumentation's LSC file is dirxml.lsc. Once you have selected the Identity Manager LSC file, click on the OK button.
e.) Now that you have your log application installed, shutdown and restart the SLS (lengine).
f.) You will also need to stop and start ndsd on the
server that is running Identity Manager.