NetIQ Access Manager naudit server does not work anymore after migrating from 3.1.4 to 3.2

  • 7012099
  • 09-Apr-2013
  • 10-Apr-2013

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 3.2.1

Situation

  • NetIQ Access Manager Console (AC) has been configured to run the naudit server component (lengine)

  • No configuration changes have been applied to Auditing before or after running the NAM 3.1.4 to NAM 3.2 migration process (default settings are used)

  • The naudit server (lengine) has been started on the AC without any problems

Resolution

There are basically two solutions for this issue depending on the fact if the naudit Logging Server configuration
  1. configure all naudit platform agents to make use of port "1289"
    => open iManager
    => Auditing
    => Auditing
    => change the Port configuration option from "289" to "1289"

  2. configure the naudit Logging Server to use port "289"
    => open iManager
    => Roles and Tasks
    => Auditing and Logging
    => Logging Server Options
    => navigate to: [TreeName] Logging Server.Logging Services
    => configuration
    => Apply port "289" on Secure Logging Server Port (default / prefilled)

Note: The reason for changing the default port from "289" to "1289" is the fact that ports above "1024" do not require root privilege in order to register a listening port.

Cause

With NetIQ Access Manager 3.2, a new naudit server has been shipped which no longer listens on TCP port "289" by default. Instead, the new naudit server listens on default TCP port "1289".

The migration process does not take care of this change; it does not update the platform agent configuration to make use of the new port.

Note: The default port will only be used in case eDirectory does not store any configuration on the NAuditServer object NAuditConfiguration attribute as ServerPort:[Value]

Additional Information

Troubleshooting:
  • On Linux:

    • check if the naudit server process is running: "ps aux | grep lengine"
    • check if lengine is listening and on which port it is listening: "netstat -patne | grep lengine"
    • review the "/var/opt/novell/naudit/nproduct.log" for any potential errors
    • check your platform agent configuration stored in "/etc/logevent.conf"
      Note: make sure caching is enabled.
      Example:

      LogHost=10.168.10.100
      LogForceCaching=Y
      LogCacheLimitAction=roll cache
      LogEnginePort=1289
      LogCacheDir=/var/opt/novell/naudit/cache



  • On Windows:

    • check if the naudit server is running
      open Administrative Tools => Services and search for the "Novell Audit Log Server"
    • open cmd and run: netstat -ano | findstr ":289 :1289"
    • check the "c:\nproduct.log" file
    • check your platform agent configuration stored in "C:\Windows\logevent.conf"
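
The Linux checks above, combined into one script as an added example (not NetIQ's code): it reads LogEnginePort from a logevent.conf file and compares it with the ports on which lengine is listening according to "netstat -patne" output. The function names and the sample data in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are this example's own.

# agent_port FILE: print the LogEnginePort value from a logevent.conf-style file.
agent_port() {
    awk -F= '$1 ~ /^[ \t]*LogEnginePort[ \t]*$/ { gsub(/[ \t\r]/, "", $2); p = $2 }
             END { print p }' "$1"
}

# lengine_ports: read "netstat -patne" output on stdin and print each TCP port
# on which a process named lengine is in LISTEN state.
lengine_ports() {
    awk '$6 == "LISTEN" && $NF ~ /\/lengine$/ { p = $4; sub(/.*:/, "", p); print p }' |
        sort -u
}

# check_ports FILE: compare the two, with netstat output on stdin.
# Returns 0 = match, 1 = mismatch, 2 = lengine not listening, 3 = port not set.
check_ports() {
    want=$(agent_port "$1")
    have=$(lengine_ports)
    [ -n "$want" ] || { echo "LogEnginePort is not set in $1"; return 3; }
    [ -n "$have" ] || { echo "lengine is not listening on any TCP port"; return 2; }
    for p in $have; do
        if [ "$p" = "$want" ]; then echo "OK: agent and lengine both use port $p"; return 0; fi
    done
    echo "MISMATCH: agent sends to port $want, lengine listens on:" $have
    return 1
}

# Constructed sample data: agent still on 289, server on the new default 1289.
demo() {
    conf=$(mktemp)
    printf 'LogHost=10.168.10.100\nLogForceCaching=Y\nLogEnginePort=289\n' > "$conf"
    printf '%s\n' \
      'tcp 0 0 0.0.0.0:1289 0.0.0.0:* LISTEN 0 12345 2345/lengine' \
      'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 11111 901/sshd' | check_ports "$conf"
    rc=$?
    rm -f "$conf"
    return $rc
}

# Live use on the server (as root, so netstat shows program names):
#   netstat -patne | check_ports /etc/logevent.conf
```

A mismatch result corresponds to the situation in this document: the platform agent still sends to "289" while the migrated naudit server listens on "1289".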