NetIQ Access Gateway naudit platform agent fills up the log volume (nproduct.log)

  • Document ID:7012078
  • Creation Date:04-Apr-2013
  • Modified Date:21-Nov-2013
    • Micro Focus Products:
      Access Manager (NAM)

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 3.2.1
NetIQ Access Manager 3.2.1 IR1a
NetIQ Access Manager 3.2.2
NetIQ Access Manager 3.2.2 IR1

Situation

  • Access Gateway slows down due to low disk space
  • The "/var/opt/novell/naudit/nproduct.log" naudit log file grows up rapidly until the complete disk space has been used
  • nproduct.log stores the following log entries:

    Wed Mar 20 15:48:12 2013 [Novell Audit Cache]: [UploadBackupCache]Going to connect to the SLS/Sentinel
    Wed Mar 20 15:48:12 2013 [Novell Audit Cache]: [UploadBackupCache]Going to connect to the SLS/Sentinel
    Wed Mar 20 15:48:12 2013 [Novell Audit Cache]: [UploadBackupCache]Going to connect to the SLS/Sentinel
    Wed Mar 20 15:48:12 2013 [Novell Audit Cache]: [UploadBackupCache]Going to connect to the SLS/Sentinel

  • System has been migrated from NAM 3.1.4 to NAM 3.2
  • "Novell Audit Logging" has not been enabled
  • Communication between the naudit platform agent and the naudit server running on the NetIQ Access Manager Console server works fine.

Resolution

  • check if the Secure Logging Server (lengine) is up and running on your Access Manager Console Server using:

    /etc/init.d/novell-naudit status
    lengine is loaded from ./lengine with process ID 4172


  • check the listening port of the Secure Logging Server running on the Access Manager Console using:

    netstat -pnat | grep lengine
    tcp  0  0 0.0.0.0:1289  0.0.0.0:*  LISTEN  4172/lengine


  • use iManager => "Auditing" and change "Port:" from "289" to "1289".
    This will be pushed down to all devices

  • in case you like to keep on using port "289" use iManager => "Auditing and Logging"=> "Logging Server Options" => configuration" => "Secure Logging Server Port" to save port 289 (already pre-filled but not stored).

  • restart your NetIQ Access Gateway Server

Cause

The Secure Logging Server (lengine) running on the Access Manager Console default listening port changed from "289" to "1289" in case the server object has been left with the default configuration.

Additional Information

Use netstat -patune | grep lengine on your Access Manager console server in order to find out the current listening port.