How to install Sentinel Audit eDirectory and NSS instrumentation on Open Enterprise Server

  • 7009117
  • 04-Aug-2011
  • 02-Oct-2015

Environment

Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Enterprise Server 11 (OES 11) Linux
Novell Storage Services (NSS)
NetIQ eDirectory 8.8
NetIQ Sentinel
NetIQ Sentinel Log Manager
NetIQ Sentinel Rapid Deployment (RD)

Situation

  • What modules are required for Sentinel to audit NSS and eDirectory events generated on OES servers?
  • Some administrators find the documentation unclear on how to install the correct modules on Open Enterprise Server so that events are sent to Novell Sentinel servers.
  • Is there a single document that explains how to install the eDirectory and/or NSS Audit instrumentation on OES?

Resolution

The following steps are based on the 64-bit platform, and the links are correct as at 1st October 2015.

Step 1 - Download and extract components
Step 2 - Install the extracted components in the following order
  • (6) Copy (from 1, above) to OES:  novell-AUDTplatformagent-2.0.2-68.x86_64.rpm
    • Install:  rpm -Uvh novell-AUDTplatformagent-2.0.2-68.x86_64.rpm
    • Tip:  Check the rpm is installed correctly with rpm -qi novell-AUDTplatformagent

  • (7) Copy (from 2, above) to OES:  novell-AUDTedirinst-8.8.8.0-41.x86_64.rpm
    • Install:  rpm -Uvh novell-AUDTedirinst-8.8.8.0-41.x86_64.rpm
    • Tip:  Check the rpm is installed correctly with rpm -qi novell-AUDTedirinst
    • Tip: Check /etc/logevent.conf ensuring that the Sentinel server name/address is filled in correctly
      • Example: LogHost=192.168.12.34 LogEnginePort=1289
    • Tip: The following can be used to start the module immediately instead of restarting eDirectory or rebooting
      • ndstrace -c "load auditds"
    • Tip: Check /etc/opt/novell/eDirectory/conf/ndsmodules.conf ensuring that the module will automatically load
      • Example: auditDS auto #NSure Audit
  • (8) Copy (from 5, above) to OES:  sentagentsetup_64
    • Prepare:  chmod 755 sentagentsetup_64 and chown root:root sentagentsetup_64
    • Install:  ./sentagentsetup_64
    • Tip:  Check /usr/local/sbin/sentagent.properties ensuring that the Sentinel server name/address is filled in correctly
      • Example: HOSTNAME=192.168.12.34 PORTNO=1468
  • (9) Copy (from 3a, above) to OES:  vlog-v2sent
    • Prepare:  chmod 755 vlog-v2sent and chown root:root vlog-v2sent
    • Install:  ./vlog-v2sent
    • Tip:  Use /etc/init.d/sentagent start|stop|status as appropriate
    • Tip:  /etc/init.d/sentagent start must only be executed after the vlog-v2sent step has been completed; otherwise "Unable to read from file /usr/local/sbin/sentsubagent.conf" errors will be displayed
    • Tip: Check the vlog command line in /usr/local/sbin/sentsubagent.conf contains the -Q parameter
      • Example: vlog /opt/novell/vigil/bin/vlog --v2sent -Q -F /usr/local/sbin/vlogfilters
      • For further information, see TID 7009667 - OES stops sending NSS audit events to Sentinel server
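
A post-install check of the configuration files named in the Step 2 tips, as an added example that is not part of the original TID. The function names, the optional ROOT path prefix and the --live switch are assumptions introduced here, as is treating '#' as the comment character in the KEY=value files.

```bash
#!/bin/bash
# Added example (not from the TID): verify the settings named in the Step 2 tips.
# ROOT is a hypothetical path prefix for checking a copy of the files.

# Print the value of KEY from a KEY=value file. Assumption: '#' starts a comment.
conf_value() {  # usage: conf_value FILE KEY
    [ -r "$1" ] || return 1
    sed 's/#.*//' "$1" | tr -s '[:space:]' '\n' | grep -m1 "^$2=" | cut -d= -f2-
}

# Succeed only if FILE sets KEY to a non-empty value.
has_value() { [ -n "$(conf_value "$1" "$2")" ]; }

# auditDS must be listed with "auto" so it loads when eDirectory starts.
auditds_autoloads() {  # usage: auditds_autoloads FILE
    sed 's/#.*//' "$1" 2>/dev/null |
        grep -Eiq '^[[:space:]]*auditds[[:space:]]+auto([[:space:]]|$)'
}

# The vlog command line in sentsubagent.conf must carry the -Q parameter.
vlog_has_q() {  # usage: vlog_has_q FILE
    grep -e '--v2sent' "$1" 2>/dev/null |
        grep -Eq '(^|[[:space:]])-Q([[:space:]]|$)'
}

# Run one check and print PASS or FAIL with its label.
run_check() {  # usage: run_check LABEL COMMAND [ARGS...]
    label="$1"; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; return 1; fi
}

# Check all four files under ROOT; the return status is the number of failures.
check_oes_audit_config() {  # usage: check_oes_audit_config [ROOT]
    r="${1:-}"; fails=0
    run_check "logevent.conf LogHost" has_value "$r/etc/logevent.conf" LogHost || fails=$((fails + 1))
    run_check "logevent.conf LogEnginePort" has_value "$r/etc/logevent.conf" LogEnginePort || fails=$((fails + 1))
    run_check "ndsmodules.conf auditDS auto" auditds_autoloads "$r/etc/opt/novell/eDirectory/conf/ndsmodules.conf" || fails=$((fails + 1))
    run_check "sentagent.properties HOSTNAME" has_value "$r/usr/local/sbin/sentagent.properties" HOSTNAME || fails=$((fails + 1))
    run_check "sentagent.properties PORTNO" has_value "$r/usr/local/sbin/sentagent.properties" PORTNO || fails=$((fails + 1))
    run_check "sentsubagent.conf vlog -Q" vlog_has_q "$r/usr/local/sbin/sentsubagent.conf" || fails=$((fails + 1))
    return "$fails"
}

# On the OES server: save as a script and run it with --live.
if [ "${1:-}" = "--live" ]; then check_oes_audit_config; fi
```

A FAIL on the sentsubagent.conf line before the vlog-v2sent step has been run is expected, since that step creates the file.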

Additional Information

Important - Sentinel and OES must be configured correctly
  • The NetIQ eDirectory Collector and Novell Open Enterprise Server Collector will need to be downloaded from the Collectors Tab at https://www.netiq.com/support/sentinel/plugins/ and installed and configured via the Sentinel Control Centre (SCC)
  • The NetIQ Audit Connector and Syslog Connector will need to be downloaded from the Connectors Tab at https://www.netiq.com/support/sentinel/plugins/ and installed and configured via the Sentinel Control Centre (SCC)
  • The NSS and eDirectory events to be logged will need to be configured via iManager (NCP Server Object's Novell Audit tab)
A valid Novell login may be required for some downloads.

Ensure the core Sentinel product is at the latest code level - https://download.novell.com/patch/finder/#familyId=14224

These instructions are meant to be read in addition to the official documentation, not instead of it.