Environment
NetIQ Access Manager 4.2
NetIQ Access Gateway Appliance 4.2
NetIQ Access Gateway Service 4.2
NetIQ Access Gateway Appliance 4.2
NetIQ Access Gateway Service 4.2
Situation
- Access Manager auditing has been configured with syslog (not naudit)
- The following event configuration have been enabled:
- AccessDenied
- SystemStarted
- SystemShutdown
- OLACFailed
- FormFillFailed
- IPAccessAttempted
- The audit logfile: "/var/opt/novell/syslog/audit_ag.log" is getting filled up with "URL Access" events without having it enabled.
Example:
<134>Feb 25 20:20:056 aga01 {"appName":"Novell Access Manager","Component":"AG\\URL Access","timeStamp":"1456402856785","eventId":"2e0512","Descr
iption":"Access Gateway: URL Accessed","Originator":"ag-38B3F24F8BAD9546","Target":"PR_Root","subTarget":"http://nw65.kgast.nam.com/icons/compres
sed.gif","stringValue1":"cn=admin,o=novell","stringValue2":"F64E93C3CA80AFF6D97FCBE65DDD39A3","stringValue3":"114","numericValue1":1369910421,"nu
mericValue2":1369910421,"numericValue3":0,"Data":"","Message":"[1456402856785] [Novell Access Manager\\AG\\URL Access]: AMDEVICEID#ag-38B3F24F8B
AD9546: AMAUTHID#F64E93C3CA80AFF6D97FCBE65DDD39A3: AMEVENTID#114: Source IP Address: [1369910421] X-Forwarded-For Client IP Address: [1369910421
1369910421] User Identifier: [cn=admin,o=novell] Accessed URL [http://nw65.kgast.nam.com/icons/compressed.gif]"}
<134>Feb 25 20:20:056 aga01 {"appName":"Novell Access Manager","Component":"AG\\URL Access","timeStamp":"1456402856785","eventId":"2e0512","Descr
iption":"Access Gateway: URL Accessed","Originator":"ag-38B3F24F8BAD9546","Target":"PR_Root","subTarget":"http://nw65.kgast.nam.com/icons/text.gi
f","stringValue1":"cn=admin,o=novell","stringValue2":"F64E93C3CA80AFF6D97FCBE65DDD39A3","stringValue3":"113","numericValue1":1369910421,"numericV
alue2":1369910421,"numericValue3":0,"Data":"","Message":"[1456402856785] [Novell Access Manager\\AG\\URL Access]: AMDEVICEID#ag-38B3F24F8BAD9546
: AMAUTHID#F64E93C3CA80AFF6D97FCBE65DDD39A3: AMEVENTID#113: Source IP Address: [1369910421] X-Forwarded-For Client IP Address: [1369910421136991
0421] User Identifier: [cn=admin,o=novell] Accessed URL [http://nw65.kgast.nam.com/icons/text.gif]"}
Resolution
This issue has been fixed with NetIQ Access Manager version 4.2 Service Pack 1