Environment
Novell Audit 2.0.2 Platform Agent
Sentinel 6.0.xx Sentinel Control Center
Sentinel 6.0.xx Sentinel Event Source Management
RedHat Linux
Situation
The Novell Audit platform agent is installed on the Red Hat
Linux server.
In the LogHost= parameter in the /etc/logevent.conf file
points to the Sentinel connector on the Sentinel Collector Manager
hosting the NAudit collector.
In Sentinel Event Source Management, you see the platform
agent connect, but no data is received.
Resolution
Some versions of Linux, particularly Red Hat Linux, creates a
single entry in the /etc/hosts file on the loopback address of
127.0.0.1. Because the DNS name and local host are on the
loopback address, the Novell Audit platform agent will connect to
the Sentinel Collector Manager Server hosting the NAudit
collector, but no events will be saved. Here is an example of
a problematic /etc/hosts file:
127.0.0.1 tblarsen1.provo.novell.com tblarsen1
localhost.localdomain localhost
To fix it, please do the following within the /etc/hosts
file:
# 127.0.0.1 tblarsen1.provo.novell.com tblarsen1
localhost.localdomain localhost
127.0.0.1 localhost
10.1.2.3 tblarsen1.provo.novell.com
tblarsen1
(NOTE: Please replace the IP address 10.1.2.3 with your
own statically assigned IP address.)
You may need to stop and start the Novell Audit
instrumentation for these changes to take effect. Please
login as root before performing the commands below:
ndstrace -c "unload auditds"
ndstrace -c "load auditds"
If the problem persists, you may need to stop and start
eDirectory on that server. Please login as root before
performing the commands below:
/etc/init.d/ndsd stop
/etc/init.d/ndsd start
NOTE: Stopping ndsd on your Linux system will result in
eDirectory services not being available on your Linux server.
Please make sure that you stop and start eDirectory at a time that
will least impact your production eDirectory environment.
Additional Information
This issue is similar to the issue found in KB 3951877.