Environment
NetIQ iManager 2.7.7
Situation
NetIQ iManager 2.7.7 added functionality to allow auditing of iManager via XDAS.
As an example of how to configure the functionality the address 192.168.1.5:1468 was used in the /var/opt/novell/iManager/nps/WEB-INF/imanager_logging.xml
On some systems, this may be a valid network address and the attempted communication could be detected as an unathorized connection.
<appender class="com.novell.imanager.logging.syslog.impl.iManSyslogAppender"
name="Syslog">
<param name="Facility" value="user"/>
<param name="syslogHost" value="192.168.1.5:1468"/>
<param name="syslogProtocol" value="tcp"/>
<param name="syslogSslKeystoreFile" value="/root/Desktop/sentinel/mykeystore
.jks"/>
<param name="syslogSslKeystorePassword" value="novell"/>
<param name="Threshold" value="INFO"/>
<layout class="com.novell.imanager.logging.syslog.impl.iManXdasJSONLayout">
</layout>
</appender>
As an example of how to configure the functionality the address 192.168.1.5:1468 was used in the /var/opt/novell/iManager/nps/WEB-INF/imanager_logging.xml
On some systems, this may be a valid network address and the attempted communication could be detected as an unathorized connection.
<appender class="com.novell.imanager.logging.syslog.impl.iManSyslogAppender"
name="Syslog">
<param name="Facility" value="user"/>
<param name="syslogHost" value="192.168.1.5:1468"/>
<param name="syslogProtocol" value="tcp"/>
<param name="syslogSslKeystoreFile" value="/root/Desktop/sentinel/mykeystore
.jks"/>
<param name="syslogSslKeystorePassword" value="novell"/>
<param name="Threshold" value="INFO"/>
<layout class="com.novell.imanager.logging.syslog.impl.iManXdasJSONLayout">
</layout>
</appender>
Resolution
NetIQ development has commented the example out of the imanager_logging.xml file and changed the address to ##.##.##.##:#### so that unintentional communication doesn't occur.
This change will ship in future iManager version.
To manually modify the imanager_logging.xml and remove the configuration comment out the lines in the /var/opt/novell/iManager/nps/WEB-INF/imanager_logging.xml as follows:
<appender class="com.novell.imanager.logging.syslog.impl.iManSyslogAppender"
name="Syslog">
<param name="Facility" value="user"/>
<!--Uncomment and provide the required ip address and port format: IP addre
ss:Port -->
<!-- <param name="syslogHost" value="##.##.##.##:####"/>-->
<param name="syslogProtocol" value="tcp"/>
<param name="syslogSslKeystoreFile" value="/root/Desktop/sentinel/mykeystore
.jks"/>
<param name="syslogSslKeystorePassword" value="novell"/>
<param name="Threshold" value="INFO"/>
<layout class="com.novell.imanager.logging.syslog.impl.iManXdasJSONLayout">
</layout>
</appender>
This change will ship in future iManager version.
To manually modify the imanager_logging.xml and remove the configuration comment out the lines in the /var/opt/novell/iManager/nps/WEB-INF/imanager_logging.xml as follows:
<appender class="com.novell.imanager.logging.syslog.impl.iManSyslogAppender"
name="Syslog">
<param name="Facility" value="user"/>
<!--Uncomment and provide the required ip address and port format: IP addre
ss:Port -->
<!-- <param name="syslogHost" value="##.##.##.##:####"/>-->
<param name="syslogProtocol" value="tcp"/>
<param name="syslogSslKeystoreFile" value="/root/Desktop/sentinel/mykeystore
.jks"/>
<param name="syslogSslKeystorePassword" value="novell"/>
<param name="Threshold" value="INFO"/>
<layout class="com.novell.imanager.logging.syslog.impl.iManXdasJSONLayout">
</layout>
</appender>
Additional Information
This issue was reported by:
"Noatime Read" <noatimeread@gmail.com>
"Noatime Read" <noatimeread@gmail.com>