Cannot apply changes or communicate with Linux Access Gateway server

  • 7001147
  • 13-Aug-2008
  • 26-Apr-2012

Environment


Novell Access Manager 3 Linux Access Gateway
Novell Access Manager 3 Support Pack 3 applied
Auditing enabled for all Access Manager components

Situation

Access Manager was set up successfully, and users could access protected resources behind the Linux Access Gateway (LAG) without any problems. After about a week of operation, the LAG appeared to hang: no users could access the LAG, and no changes could be applied to it. The LAG services were restarted (/etc/init.d/novell-vmc restart) and the LAG itself was rebooted, but the problem continued.

Looking at the /var/log/ics_dyn.log file, we could see the following information:

The number of Cache Objects on the Disk 0
PROXY_AG:Mempool: :IPool OSPool Allocated (5e2de00c) size:[570216] pool:|0|
0x43e6ab83 0x43e6ae4d 0x445fd690 0x445fd9fa 0x40109a9b 0x445fe5b7 0x445e064c
0x445c1159 0x44b94a65 0x44b8f5ac
RADIUS.RadiusStartupThreadAug 12 16:59:45 lag-rel : AM#404502000:
AMDEVICEID#ag-3975BC30A2C66CC3 : AMAUTHID#0: AMEVENTID#0:
VcpConfiguration::reconfigure starting global NAudit settings
Aug 12 16:59:45 lag-rel : AM#104522000: AMDEVICEID#ag-3975BC30A2C66CC3 :
AMAUTHID#0: AMEVENTID#0: Novell Audit logging configuration changed
Aug 12 16:59:45 lag-rel : AM#104522000: AMDEVICEID#ag-3975BC30A2C66CC3 :
AMAUTHID#0: AMEVENTID#0: Novell Audit logging is being stopped..
Nsure Flag:67b98
Linux Access Gateway:: Novell Audit logging FAILED (LogOpen returned errorcode
9.Log server off line.)
Aug 12 17:00:15 lag-rel : AM#104522000: AMDEVICEID#ag-3975BC30A2C66CC3 :
AMAUTHID#0: AMEVENTID#0: Novell Audit logging FAILED (LogOpen returned
errorcode 9.Log server off line.).
CmdSock: Initial configuration failed: Unable to initialize configuration
systemSCacheCreateWrked for pool Mem  13000
(4)nPollManager::m_serverManager.addPollEventListener(this);

Resolution

Delete the cache of the audit platform agent on the LAG from /var/opt/novell/naudit/cache and make sure that the communication between the LAG and the Audit server is up.

The communication between the LAG and the NSure Audit server was down (the Audit server had been taken offline), so all audit events were logged to the cache on the LAG rather than being pushed to the server. With the Audit server never coming back up, the cache grew to about 2 GB of data; the audit platform agent then hung and refused to return the thread to the application (the proxy). This audit platform issue has been reported to the Audit engineering team.

As a troubleshooting tip, the ics_dyn.log file includes a message ("Novell Audit logging FAILED") that warns administrators of the potential problem.
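
A periodic check for the two signals this article identifies, the "Novell Audit logging FAILED" message in ics_dyn.log and a growing platform agent cache, as an added example that is not Novell's code. The paths and message text come from the article; the function names and the 512 MB warning threshold are assumptions.

```shell
# Added example, not Novell code. Paths and the failure string come from the
# article; the threshold is an assumed value to tune per site.
LAG_LOG="${LAG_LOG:-/var/log/ics_dyn.log}"
NAUDIT_CACHE="${NAUDIT_CACHE:-/var/opt/novell/naudit/cache}"
CACHE_WARN_KB="${CACHE_WARN_KB:-524288}"   # assumption: warn at 512 MB

# Count log lines reporting that the audit server could not be reached.
audit_fail_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c 'Novell Audit logging FAILED' "$1" || true
}

# Timestamp (e.g. "Aug 12 17:00:15") of the most recent failure line that
# starts with a syslog-style date; prints nothing if there is none.
last_audit_fail() {
    [ -r "$1" ] || return 0
    grep 'Novell Audit logging FAILED' "$1" |
        awk '$1 ~ /^[A-Z][a-z][a-z]$/ { ts = $1 " " $2 " " $3 } END { if (ts) print ts }'
}

# Size of the platform agent cache in KB; 0 if the directory is absent.
cache_size_kb() {
    [ -d "$1" ] || { echo 0; return 0; }
    du -sk "$1" | awk '{ print $1 }'
}

# Return 0 when healthy, 1 when failures are logged or the cache is too large.
check_lag_audit() {
    log="${1:-$LAG_LOG}"; cache="${2:-$NAUDIT_CACHE}"; limit="${3:-$CACHE_WARN_KB}"
    fails=$(audit_fail_count "$log")
    size=$(cache_size_kb "$cache")
    rc=0
    if [ "$fails" -gt 0 ]; then
        last=$(last_audit_fail "$log")
        echo "WARN: $fails audit failure(s) in $log, last at: ${last:-unknown}"
        rc=1
    fi
    if [ "$size" -gt "$limit" ]; then
        echo "WARN: $cache is $size KB (limit $limit KB); is the Audit server reachable?"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: no audit failures logged, cache $size KB"
    return "$rc"
}

# Check the default paths when invoked with --check (e.g. from cron).
if [ "${1:-}" = "--check" ]; then check_lag_audit; exit $?; fi
```

Run it with `--check` from cron or a monitoring agent and alert on a non-zero exit status, so an offline Audit server is noticed before the cache grows large enough to hang the agent.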