Environment
Novell Audit Platform Agent 2.0.2
Situation
The Novell Audit Platform Agent (PA) is configured via the
/etc/logevent.conf file, and this single file configures every use of
the PA libraries on a system. Each time the PA libraries are loaded
they attempt to spawn an instance of the lcache process, which caches
events should the connection to Sentinel, Log Manager, or another
auditing server cease to function for any reason. In many environments
this works properly, but because the configuration file is
system-wide and several Novell Audit-enabled services may run on a
single system, conflicts can arise between those services' PA
instances, leading to intermittent functionality and potentially lost
data.
Resolution
A best practice when using any instance of the PA is to have only
one instance loaded per system. Audit-enabled applications should,
where possible, each be placed on their own system, with a few
exceptions. Within eDirectory it is possible to audit eDirectory, the
Identity Manager engine, Novell Modular Authentication Services
(NMAS), and SecretStore. All of these run within the ndsd process and
therefore may share a single system. Whenever auditing is not enabled,
the limit of one application per system does not apply.
The Identity Manager User Application, iManager, Password Management Framework (PMF), and some pieces of Novell Access Manager (NAM) use the Java-based Platform Agent. Because each of these services will likely run as a different user, each must be on its own system for auditing to work properly. When non-root instances are in use, additional configuration options must be applied to ensure that non-privileged ports are used for lcache operation and that the cache directory structure can be accessed and modified by the non-root user.
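The following is an added example, not part of this TID or of the Novell Audit product: a small POSIX shell check that an administrator could run as the service account before enabling a non-root PA instance. It verifies the two conditions described above (the lcache port is bindable without root, and the cache directory is writable by the current user) and counts running lcache processes so that a second instance on the same system is noticed. The configuration key names LogCachePort and LogCacheDir are assumed here; confirm them against the product documentation for your PA version. The sample configuration files are constructed inline so the script runs stand-alone.

```shell
#!/bin/sh
# Added example (not from the TID). Sanity-check a logevent.conf for a
# non-root Platform Agent instance. The key names LogCachePort and
# LogCacheDir are assumptions; verify against your product documentation.

# Print the value of a Key=Value entry from a logevent.conf-style file.
conf_value() {
    # $1 = config file, $2 = key name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Succeed if the port is numeric and >= 1024, i.e. bindable without root.
port_is_unprivileged() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ]
}

# Succeed if the directory exists and is writable by the current user.
dir_is_writable() {
    [ -d "$1" ] && [ -w "$1" ]
}

# Count running lcache processes; more than one suggests two PA
# instances competing for the same system-wide configuration.
count_lcache() {
    ps -eo comm= | grep -c '^lcache$' || true
}

# Check one configuration file as the current user. Prints findings and
# returns the number of problems found (0 means the config passes).
check_pa_conf() {
    conf="$1"
    problems=0
    port=$(conf_value "$conf" LogCachePort)
    dir=$(conf_value "$conf" LogCacheDir)
    if port_is_unprivileged "$port"; then
        echo "ok: LogCachePort=$port is non-privileged"
    else
        echo "problem: LogCachePort='$port' is unset or needs root to bind"
        problems=$((problems + 1))
    fi
    if dir_is_writable "$dir"; then
        echo "ok: LogCacheDir=$dir is writable by $(id -un)"
    else
        echo "problem: LogCacheDir='$dir' is missing or not writable by $(id -un)"
        problems=$((problems + 1))
    fi
    echo "info: $(count_lcache) lcache process(es) currently running"
    return $problems
}

# Constructed sample configurations for a stand-alone run.
tmp=$(mktemp -d)
# Default-style config: privileged port and a cache directory that does
# not exist on this machine, so a non-root run should flag both.
cat > "$tmp/default.conf" <<EOF
LogHost=sentinel.example.com
LogCachePort=288
LogCacheDir=$tmp/does-not-exist
EOF
# Non-root-friendly config: high port and a writable cache directory.
mkdir -p "$tmp/cache"
cat > "$tmp/nonroot.conf" <<EOF
LogHost=sentinel.example.com
LogCachePort=10288
LogCacheDir=$tmp/cache
EOF

check_pa_conf "$tmp/nonroot.conf" || echo "nonroot.conf has problems"
check_pa_conf "$tmp/default.conf" || echo "default.conf has problems"
```

Run the script as the account the audited service uses (for example the user running the Identity Manager User Application), since the writability test depends on that user's permissions; a passing result for one service does not imply a second non-root service on the same system can share the file, which is the reason the TID places each such service on its own system.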