NetqIQ Acccess Manager Gateway 4.2 fills audit logs with " URL Accessed" events even it has not been enabled

  • 7017419
  • 29-Mar-2016
  • 29-Mar-2016

Environment

NetIQ Access Manager 4.2
NetIQ Access Gateway Appliance 4.2
NetIQ Access Gateway Service 4.2

Situation

  • Access Manager auditing has been configured with syslog (not naudit)

  • The following event configuration have been enabled:

    • AccessDenied
    • SystemStarted
    • SystemShutdown
    • OLACFailed
    • FormFillFailed
    • IPAccessAttempted

  • The audit logfile: "/var/opt/novell/syslog/audit_ag.log" is getting filled up with "URL Access" events without having it enabled.

    Example:

    <134>Feb 25 20:20:056 aga01 {"appName":"Novell Access Manager","Component":"AG\\URL Access","timeStamp":"1456402856785","eventId":"2e0512","Descr
    iption":"Access Gateway: URL Accessed","Originator":"ag-38B3F24F8BAD9546","Target":"PR_Root","subTarget":"http://nw65.kgast.nam.com/icons/compres
    sed.gif","stringValue1":"cn=admin,o=novell","stringValue2":"F64E93C3CA80AFF6D97FCBE65DDD39A3","stringValue3":"114","numericValue1":1369910421,"nu
    mericValue2":1369910421,"numericValue3":0,"Data":"","Message":"[1456402856785]  [Novell Access Manager\\AG\\URL Access]: AMDEVICEID#ag-38B3F24F8B
    AD9546: AMAUTHID#F64E93C3CA80AFF6D97FCBE65DDD39A3: AMEVENTID#114: Source IP Address: [1369910421]  X-Forwarded-For Client IP Address: [1369910421
    1369910421]  User Identifier: [cn=admin,o=novell]  Accessed URL [http://nw65.kgast.nam.com/icons/compressed.gif]"}
    <134>Feb 25 20:20:056 aga01 {"appName":"Novell Access Manager","Component":"AG\\URL Access","timeStamp":"1456402856785","eventId":"2e0512","Descr
    iption":"Access Gateway: URL Accessed","Originator":"ag-38B3F24F8BAD9546","Target":"PR_Root","subTarget":"http://nw65.kgast.nam.com/icons/text.gi
    f","stringValue1":"cn=admin,o=novell","stringValue2":"F64E93C3CA80AFF6D97FCBE65DDD39A3","stringValue3":"113","numericValue1":1369910421,"numericV
    alue2":1369910421,"numericValue3":0,"Data":"","Message":"[1456402856785]  [Novell Access Manager\\AG\\URL Access]: AMDEVICEID#ag-38B3F24F8BAD9546
    : AMAUTHID#F64E93C3CA80AFF6D97FCBE65DDD39A3: AMEVENTID#113: Source IP Address: [1369910421]  X-Forwarded-For Client IP Address: [1369910421136991
    0421]  User Identifier: [cn=admin,o=novell]  Accessed URL [http://nw65.kgast.nam.com/icons/text.gif]"}



Resolution

This issue has been fixed with NetIQ Access Manager version 4.2 Service Pack 1