Environment
Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Enterprise Server 11 (OES 11) Linux
Novell Storage Services (NSS)
NetIQ eDirectory 8.8
NetIQ Sentinel
NetIQ Sentinel Log Manager
NetIQ Sentinel Rapid Deployment (RD)
Situation
- What modules are required for Sentinel to audit NSS and eDirectory events generated on OES servers?
- Some administrators find the documentation unclear on how to install the correct modules onto Open Enterprise Server so that it sends events to Novell Sentinel servers.
- Is there a single document that explains how to install the eDirectory and/or NSS Audit instrumentation on OES?
Resolution
The following steps are based on the 64-bit platform; the links were correct as of 1st October 2015.
Step 1 - Download and extract components
- (0) Novell Storage Services Vigil Modules (This step is not required for OES2SP3 and later - it is included here for archive reasons only)
- Documentation: Novell Open Enterprise Server Sentinel Collector Guide 6.1r6 Page 7 Steps 5-6
- Download: OES2 SP2 Auditing from https://download.novell.com/patch/finder/
- Tip: Check whether the rpms are already installed with rpm -qa | grep -i vigil
- Example:
novell-vigil-vlog-0.1-0.20
novell-vigil-1.2-0.9
novell-vigil-libs-32bit-1.2-0.7
novell-vigil-libs-1.2-0.7
novell-vigil-kmp-default-1.2_2.6.16.60_0.54.5-0.9
- (1) Novell Audit Platform Agent
- Documentation: Novell Audit Platform Agent Guide - Sentinel Plug-Ins 2011.1r1 Page 11, Section 2.1
- Platform_Agent_2011_1r1.pdf is included in Platform-Agent_2011.1r1.zip, below
- Download: Platform Agent 2011.1r1 from https://download.novell.com/patch/finder/
- Platform-Agent_2011.1r1.zip - https://download.novell.com/Download?buildid=H59EBjYEwfk~
- Extract: /Linux64/novell-AUDTplatformagent-2.0.2-68.x86_64.rpm
- (2) Novell eDirectory Instrumentation
- Documentation: Collector for NetIQ eDirectory Collector Version: 2011.1r4 Page 8, Section 3.1.1
- Download: NetIQ eDirectory 8.8.8 Install for Non-OES Linux Platforms from https://download.novell.com/patch/finder/
- eDirectory_88SP8_Linux_x86_64.tar.gz - https://download.novell.com/Download?buildid=oHdJl37wCb0~
- Extract: /setup/novell-AUDTedirinst-8.8.8.0-41.x86_64.rpm
- Tip: To avoid the problem described in TID 7014219, and the workaround of editing java.security, download the latest eDirectory 8.8 SP8 Patch x for Linux from https://dl.netiq.com/patch/finder/#bu=netiq&familyId=112&productId=46324 and extract the current version of /setup/novell-AUDTedirinst-8.8.8.n-nn.x86_64.rpm from it
- (3a) Novell VLog Collector
- Documentation: OES Agent README
- Download: OES Agent from the Utilities Tab at https://www.netiq.com/support/sentinel/plugins/
- (3b) Novell VLog Collector (This step is not required from October 2015 onwards - it is included here for archive reasons only)
- Documentation: Novell Open Enterprise Server Sentinel Solution Pack README
- Download: Novell Open Enterprise Server from the Solution Packs Tab at https://www.netiq.com/support/sentinel/plugins/
- Novell_Open-Enterprise-Server_6.1r6.spz.zip - https://www.netiq.com/support/sentinel/plugins/prod/solutions/Novell_Open-Enterprise-Server_6.1r6.spz.zip
- Extract: vlog-v2sent using Collector Pack Extractor - see (4) below
- (4) Collector Pack Extractor (This step is not required from October 2015 onwards - it is included here for archive reasons only)
- Documentation: Sentinel Collector Pack Extractor 6.1r6 Page 6, Section 3
- Download: Collector Pack Extractor from the Utilities Tab at https://www.netiq.com/support/sentinel/plugins/
- cpextractor_6.1r1.jar - https://www.netiq.com/support/sentinel/plugins/prod/utilities/cpextractor_6.1r1.jar
- Install: java -jar cpextractor_6.1r1.jar in the directory where the *.spz.zip files (from 3b, above) exist
- (5) Novell Sentinel Agent
- Documentation: Novell Sentinel Agent 2011.1r1 Page 12, Section 2.1.2
- Download: Sentinel Agent from the Utilities Tab at https://support.novell.com/products/sentinel/secure/sentinelplugins.html
- Sentinel-Agent_2011.1r1.zip - https://www.netiq.com/support/sentinel/plugins/prod/utilities/Sentinel-Agent_2011.1r1.zip
- Extract: sentagentsetup_64
- (6) Copy (from 1, above) to OES: novell-AUDTplatformagent-2.0.2-68.x86_64.rpm
- Install: rpm -Uvh novell-AUDTplatformagent-2.0.2-68.x86_64.rpm
- Tip: Check the rpm is installed correctly with rpm -qi novell-AUDTplatformagent
- (7) Copy (from 2, above) to OES: novell-AUDTedirinst-8.8.8.0-41.x86_64.rpm
- Install: rpm -Uvh novell-AUDTedirinst-8.8.8.0-41.x86_64.rpm
- Tip: Check the rpm is installed correctly with rpm -qi novell-AUDTedirinst
- Tip: Check /etc/logevent.conf ensuring that the Sentinel server name/address is filled in correctly
- Example: LogHost=192.168.12.34 LogEnginePort=1289
- Tip: The following can be used to start the module immediately instead of restarting eDirectory or rebooting
- ndstrace -c "load auditds"
- Tip: Check /etc/opt/novell/eDirectory/conf/ndsmodules.conf ensuring that the module will automatically load
- Example: auditDS auto #NSure Audit
- (8) Copy (from 5, above) to OES: sentagentsetup_64
- Prepare: chmod 755 sentagentsetup_64 and chown root:root sentagentsetup_64
- Install: ./sentagentsetup_64
- Tip: Check /usr/local/sbin/sentagent.properties ensuring that the Sentinel server name/address is filled in correctly
- Example: HOSTNAME=192.168.12.34 PORTNO=1468
- (9) Copy (from 3a, above) to OES: vlog-v2sent
- Prepare: chmod 755 vlog-v2sent and chown root:root vlog-v2sent
- Install: ./vlog-v2sent
- Tip: Use /etc/init.d/sentagent start|stop|status as appropriate
- Tip: /etc/init.d/sentagent start must only be executed after the vlog-v2sent step has been completed, otherwise "Unable to read from file /usr/local/sbin/sentsubagent.conf" errors will be displayed
- Tip: Check the vlog command line in /usr/local/sbin/sentsubagent.conf contains the -Q parameter
- Example: vlog /opt/novell/vigil/bin/vlog --v2sent -Q -F /usr/local/sbin/vlogfilters
- For further information, see TID 7009667 - OES stops sending NSS audit events to Sentinel server
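The Tips in steps (7) to (9) can be checked in one pass with a script like the following. This is an added example, not part of the original TID or any vendor tooling; the function names `conf_value`, `check_oes_audit` and `make_sample` are hypothetical, and it assumes each key=value setting sits on its own line in its file.

```shell
#!/bin/bash
# Added example (not vendor code). Paths and keys are the ones named in steps (7)-(9).
# Assumption: each key=value setting sits on its own line.

conf_value() {  # conf_value FILE KEY -> value of the first uncommented KEY=value line
    sed -n "s/^[[:space:]]*$2=\([^[:space:]#]*\).*/\1/p" "$1" 2>/dev/null | head -n 1
}

check_oes_audit() {  # check_oes_audit [ROOT]; ROOT prefixes every path (empty = live system)
    local root="${1:-}" fails=0 spec file key
    for spec in etc/logevent.conf:LogHost etc/logevent.conf:LogEnginePort \
                usr/local/sbin/sentagent.properties:HOSTNAME \
                usr/local/sbin/sentagent.properties:PORTNO; do
        file="$root/${spec%%:*}"; key="${spec##*:}"
        if [ -n "$(conf_value "$file" "$key")" ]; then
            echo "OK   $file: $key=$(conf_value "$file" "$key")"
        else
            echo "FAIL $file: $key missing or empty"; fails=$((fails + 1))
        fi
    done
    # auditDS must be set to load automatically with eDirectory
    file="$root/etc/opt/novell/eDirectory/conf/ndsmodules.conf"
    if grep -Eiq '^[[:space:]]*auditds[[:space:]]+auto' "$file" 2>/dev/null; then
        echo "OK   $file: auditDS auto"
    else
        echo "FAIL $file: auditDS is not set to auto"; fails=$((fails + 1))
    fi
    # the vlog command line must carry -Q (see TID 7009667)
    file="$root/usr/local/sbin/sentsubagent.conf"
    if grep -- '--v2sent' "$file" 2>/dev/null | grep -Eq '(^|[[:space:]])-Q([[:space:]]|$)'; then
        echo "OK   $file: vlog runs with -Q"
    else
        echo "FAIL $file: vlog line lacks -Q"; fails=$((fails + 1))
    fi
    return "$fails"  # number of failed checks
}

make_sample() {  # constructed sample tree built from this page's example values
    local r="$1"
    mkdir -p "$r/etc/opt/novell/eDirectory/conf" "$r/usr/local/sbin"
    printf 'LogHost=192.168.12.34\nLogEnginePort=1289\n' > "$r/etc/logevent.conf"
    printf 'auditDS auto #NSure Audit\n' > "$r/etc/opt/novell/eDirectory/conf/ndsmodules.conf"
    printf 'HOSTNAME=192.168.12.34\nPORTNO=1468\n' > "$r/usr/local/sbin/sentagent.properties"
    printf 'vlog /opt/novell/vigil/bin/vlog --v2sent -Q -F /usr/local/sbin/vlogfilters\n' \
        > "$r/usr/local/sbin/sentsubagent.conf"
}
```

Call `check_oes_audit` with no argument as root on the OES server to test the live files, or pass a directory such as one filled by `make_sample` to test a copy; the return code is the number of failed checks.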
Additional Information
Important - Sentinel and OES must be configured correctly
These instructions are meant to be read in addition to the official documentation, not instead of it.
- The NetIQ eDirectory Collector and Novell Open Enterprise Server Collector will need to be downloaded from the Collectors Tab at https://www.netiq.com/support/sentinel/plugins/ and installed and configured via the Sentinel Control Centre (SCC)
- The NetIQ Audit Connector and Syslog Connector will need to be downloaded from the Connectors Tab at https://www.netiq.com/support/sentinel/plugins/ and installed and configured via the Sentinel Control Centre (SCC)
- The NSS and eDirectory events to be logged will need to be configured via iManager (NCP Server Object's Novell Audit tab)
A valid Novell login may be required for some downloads.
Ensure the core Sentinel product is at the latest code level - https://download.novell.com/patch/finder/#familyId=14224