On Red Hat Linux systems, Novell Audit platform agents not connecting to Sentinel 6 server

  • 3827350
  • 10-Sep-2007
  • 26-Apr-2012

Environment

Novell Audit 2.0.2 Platform Agent
Sentinel 6.0.xx Sentinel Control Center
Sentinel 6.0.xx Sentinel Event Source Management
RedHat Linux

Situation

The Novell Audit platform agent is installed on the Red Hat Linux server.
In the LogHost= parameter in the /etc/logevent.conf file points to the Sentinel connector on the Sentinel Collector Manager hosting the NAudit collector.
In Sentinel Event Source Management, you see the platform agent connect, but no data is received.

Resolution

Some versions of Linux, particularly Red Hat Linux, creates a single entry in the /etc/hosts file on the loopback address of 127.0.0.1. Because the DNS name and local host are on the loopback address, the Novell Audit platform agent will connect to the Sentinel Collector Manager Server hosting the NAudit collector, but no events will be saved. Here is an example of a problematic /etc/hosts file:
127.0.0.1 tblarsen1.provo.novell.com tblarsen1 localhost.localdomain localhost
To fix it, please do the following within the /etc/hosts file:
# 127.0.0.1 tblarsen1.provo.novell.com tblarsen1 localhost.localdomain localhost
127.0.0.1 localhost
10.1.2.3 tblarsen1.provo.novell.com tblarsen1
(NOTE: Please replace the IP address 10.1.2.3 with your own statically assigned IP address.)
You may need to stop and start the Novell Audit instrumentation for these changes to take effect. Please login as root before performing the commands below:
ndstrace -c "unload auditds"
ndstrace -c "load auditds"
If the problem persists, you may need to stop and start eDirectory on that server. Please login as root before performing the commands below:
/etc/init.d/ndsd stop
/etc/init.d/ndsd start
NOTE: Stopping ndsd on your Linux system will result in eDirectory services not being available on your Linux server. Please make sure that you stop and start eDirectory at a time that will least impact your production eDirectory environment.

Additional Information

This issue is similar to the issue found in KB 3951877.