Novell Nsure Audit 1.0 Quick Start
13 Pages
English

Novell Nsure Audit 1.0 Quick Start

Downloading requires you to have access to the YouScribe library
Learn all about the services we offer

Description

ŠŠŠŠŠŠŠQuickStart Card 2/24/0396To begin a Quick Start Card (English): Click in the box under the word Novell. Insert the ’QuickStart’ element. 2. Insert elements for product name, version, and part number. 3. Insert the HeadQS element, type the title of your card. Note: Keep this master page “QSCard-First.“ for the first page. Select QSCard-Body for the remaining. NovellNovell Nsure Auditwww.novell.com1.0QUICK STARTJuly 1, 2003Installation and Configuration on NetWare 6.5TMThis Quick Start provides basic information on installing and configuring Novell Nsure Audit 1.0. For complete instructions, see the Novell Nsure Audit 1.0 Administration Guide.SYSTEM REQUIREMENTSA server-class PC with a Pentium* III 550 Mhz or AMD* K7 processor15 MB over the OS4 MB of available disk space on volume sys:®NetWare 6.5TMNovell eDirectory version 8.7 or higherPREPARING FOR INSTALLMake sure the tree is synchronized and error free. For detailed information on eDirectory Health Check procedures, see “Keeping eDirectory Healthy” (http://www.novell.com/documentation/lg/edir87/edir87/data/a5ziqam.html).Make sure you have Admin rights to the root of the tree where you plan to install Novell Nsure Audit. You must provide the administrator username and password during installation so the installation program can extend the schema.June 19, 2003Novell ConfidentialŠŠŠŠŠŠŠŠQuickStart Card 2/24/0396INSTALLING NOVELL NSURE AUDIT WITH NETWARE 6.51 Start the ...

Subjects

Informations

Published by
Reads 21
Language English

Š
Š
Š
Š
Š
Š
Š
QuickStart Card 2/24/0396
To begin a Quick Start Card (English): Click in the box under the word Novell. Insert the ’QuickStart’ element. 2. Insert elements for product name, version, and part number.
3. Insert the HeadQS element, type the title of your card. Note: Keep this master page “QSCard-First.“ for the first page. Select QSCard-Body for the remaining.
Novell
Novell Nsure Audit
www.novell.com1.0
QUICK START
July 1, 2003
Installation and Configuration on
NetWare 6.5
TMThis Quick Start provides basic information on installing and configuring Novell Nsure Audit 1.0.
For complete instructions, see the Novell Nsure Audit 1.0 Administration Guide.
SYSTEM REQUIREMENTS
A server-class PC with a Pentium* III 550 Mhz or AMD* K7 processor
15 MB over the OS
4 MB of available disk space on volume sys:
®NetWare 6.5
TMNovell eDirectory version 8.7 or higher
PREPARING FOR INSTALL
Make sure the tree is synchronized and error free. For detailed information on eDirectory
Health Check procedures, see “Keeping eDirectory Healthy” (http://www.novell.com/
documentation/lg/edir87/edir87/data/a5ziqam.html).
Make sure you have Admin rights to the root of the tree where you plan to install Novell
Nsure Audit. You must provide the administrator username and password during installation
so the installation program can extend the schema.
June 19, 2003
Novell ConfidentialŠ
Š
Š
Š
Š
Š
Š
Š
QuickStart Card 2/24/0396
INSTALLING NOVELL NSURE AUDIT WITH NETWARE 6.5
1 Start the NetWare 6.5 installation.
2 In the Choose a Pattern window, select the Novell Nsure Audit Starter Pack.
Select Pre-Configured Server > Novell Nsure Audit Starter Pack.
or
Select Customized NetWare Server and mark the following components:
Apache2* Web Server and Tomcat4 Servlet Container
MySQL* (if you want to configure the MySQL data store during installation)
Novell Nsure Audit Starter Pack
iManger 2.0
3 In the Summary window, review the products to be installed and click Copy Files.
4 When the installation program displays the Component Selection window for the Novell
Nsure Audit Starter Pack, select the program components you want to install.
Install Secure Logging Server Installs the Secure Logging Server (lengine.nlm), the
Multiple Directory Database (mdb.nlm), and the channel drivers (lgd*.nlm) to the
current server. It also creates a Logging Server object in the Logging Services container.
You need at least one Secure Logging Server in your network.
Autoconfigure MySQL creates the MySQL Channel object in the Logging Services’
Channel container and configures the Secure Logging Server to log events to the
MySQL database. If you select this option, you must install MySQL with the
NetWare 6.5 install. (See Step 2.)
WARNING: The MySQL Channel object is created with a default Expiration
script that runs every night at midnight and automatically deletes every record
older than 12 hours. This was done because the default events logged by the
NetWare and eDirectory instrumentations quickly fill the database. To remove this
setting, simply delete the script from the SQL Expiration Commands property in
the MySQL Channel object and restart the Secure Logging Server. For more
information, see MySQL Channel Object in the Novell Nsure Audit 1.0
Administration Guide.
June 19, 2003
Novell ConfidentialŠ
Š
Š
Š
Š
Š
Š
Š
QuickStart Card 2/24/0396
Install Platform Agent installs and configures the Platform Agent (logevent.nlm), the
Caching Module (lcache.nlm), and the NetWare and eDirectory instrumentations
(auditNW.nlm and auditDS.nlm respectively).
You must install the Platform Agent on every workstation or server that is running an
application that logs events to Novell Nsure Audit. To enable NetWare and file system
logging, the NetWare instrumentation must be installed and loaded on every server on
which you want to log NetWare and file system events. To log eDirectory events,
auditDS must be installed and loaded on one server per DS Replica.
Secure Logging Server Address is the IP address or host name of the Secure
Logging Server that the Platform Agent connects to.
5 If you selected the Autoconfigure MySQL option, the installation program displays the
Database Options window so you can define your MySQL data store.
MySQL Database Host is the IP Address or host name of the MySQL database server.
Port defines the port at which the Secure Logging Server connects to the database
server. If this field is left blank, the Secure Logging Server uses the default MySQL port
assignment, 3306.
DB Username is the user account the Secure Logging Server uses to log in to the
database. This account has all privileges to the default database and can log in from
any IP address. The default username for the NetWare 6.5 data store is “auditusr.”
DB User Password is the password the logging server uses to authenticate with the
database. You must confirm this password. The default password for the NetWare 6.5
data store is “auditpwd.”
Database Name is the name of the database to which the logging server writes events.
The default database name is “naudit.”
Table Name is the database table to which the logging server writes events. The
default table is “log.”
6 Follow the prompts to complete the rest of the NetWare 6.5 install. For more information,
see the NetWare 6.5 Overview and Installation Guide (http://www.novell.com/
documentation/lg/nw65/install/data/hz8pck9v.html).
Upon completing the installation, you must restart the server or manually launch the installed
components. For the program startup commands, see Commands and Utilities in the Novell
Nsure Audit 1.0 Administration Guide.Š
Š
QuickStart Card 2/24/0396
OPENING IMANAGER
iManager is the standard administrative interface for Novell Nsure Audit in NetWare 6.5. You can
use iManager 2.0 to configure Secure Logging Server, Channel, and Notification objects and to
select which eDirectory, NetWare, and file system events you would like to log.
To open iManager 2.0:
1 From a workstation, launch either Internet Explorer (5.5 or later) or Netscape (6.2 or later).
2 At the browser enter the following URL:
http://server_ip_address/nps/iManager.html
For example, http://137.65.135.150/nps/iManager.html
3 Log in using your username and password.
For more information on iManager 2.0, see iManager in the Novell Nsure Audit 1.0
Administration Guide.
CONFIGURING THE SECURE LOGGING SERVER
The Secure Logging Server is the server component in the Nsure auditing system.The Secure
Logging Server manages the flow of information to and from the Nsure auditing system—that is,
it receives incoming events and requests from the Platform Agents; logs information to the data
store; monitors system events; and provides filtering and notification services. For more
information, see Configuring the Secure Logging Server in the Novell Nsure Audit 1.0
Administration Guide
To configure the Secure Logging Server:
1 Click the Roles and Tasks button on the iManager toolbar.
2 In the Roles and Tasks view, expand the Nsure Audit role and select the Server Configuration
task.
3 Select the Secure Logging Server object and click OK.
Click the Object History button to see a list of Logging Server objects that have been
selected during this iManager session.
or
Click the Object Selector button to locate the object in the directory tree. To move
up or down in the tree, click the navigation arrows. You can also search the tree by
entering the object name and context in the Search frame.
June 19, 2003
Novell ConfidentialŠ
Š
Š
Š
Š
Š
Š
Š
QuickStart Card 2/24/0396
4 Click General to modify the logging server’s Configuration, Memory, and Status attributes.
IMPORTANT: You must click Apply in each screen to save your changes.
4a In the Configuration menu, you can configure the following attributes:
Host Server is the distinguished name of the NCP Server object associated with
the current logging server. This setting defaults to the server on which the Secure
Logging Server was installed.
Driver Directory is the directory in which the channel drivers (lgd*.nlm) are
located. The default directory on NetWare is sys:\system\ .
Log Channel is the Channel object the logging server uses to create the central
data store
NOTE: If you select the Autoconfigure MySQL option during installation, the
installation program automatically creates the MySQL Channel object and
configures the logging server to log events to the MySQL channel.
Secure Logging Certificate File is the path and filename for the Logging Server
Certificate
Secure Logging PrivateKey File is the path and filename for the Secure Logging
Certificate’s private key file.
4b In the Memory menu, you can configure the following attributes:
Minimum is the amount of memory the server automatically allocates at boot time
to handle logging processes.
Normal is the amount of memory the server can immediately allocate if logging
traffic exceeds the Minimum memory setting
Maximum is the maximum amount of memory that can be allocated to logging
processes.
4c In the Status menu, you can enable or disable the Secure Logging Server.
5 Click Channels to select the logging server’s supported Channel containers and to create,
modify, or delete Channel objects.
For specific examples, see “Configuring File Channel Objects” on page 5 and “Creating and
Configuring SMTP Channel Objects” on page 7. For more information on Channel objects, see
Co System Channels in the Novell Nsure Audit 1.0 Administration Guide.
IMPORTANT: The NetWare 6.5 product license authorizes you to use the Nsure Audit
program’s SMTP, File, and MySQL channels. If you configure and enable the CVR, Java,
Oracle, SNMP or Syslog channels, Novell Nsure Audit broadcasts licensing notices every ten
minutes to all your configured channels. (You do not receive notices for a channel that is
configured, but disabled.) The licensing notices indicate that you should acquire a license
once you are done evaluating the additional channels. Š
Š
QuickStart Card 2/24/0396
6 Click Notifications to select the logging server’s supported Notification containers and to
create, modify, or delete Notification objects.
For specific examples, see “Configuring Heartbeat Notification Objects” on page 8 and
“Configuring Notification Filter Objects” on page 9. For more information on Notification
objects, see Configuring Filters and Event Notifications in the Novell Nsure Audit 1.0
Administration Guide.
7 Click Log Applications to select the logging server’s supported Application containers and to
create, modify, or delete Application objects.
NOTE: Application objects are usually created automatically when either Nsure Audit or the
logging application is installed. If necessary, however, they can also be manually added to
the tree through the administrative interface.
For more information on Application objects, see Application Objects in the Novell Nsure
Audit 1.0 Administration Guide
8 When finished, click OK.
For an explanation of each attribute, see Logging Server Objects in the Novell Nsure Audit 1.0
Administration Guide.
CREATING AND CONFIGURING FILE CHANNEL OBJECTS
The File channel allows the logging server to log events directly to file in raw format or to
translate those events to a human-readable log file. Raw files contain the event data in comma-
delimited format. Translated log files contain the event descriptions rather than the event data
and can be dynamically localized into other languages. For more information, see File in the
Novell Nsure Audit 1.0 Administration Guide.
To create and configure the File Channel object:
1 Click the Roles and Tasks button on the iManager toolbar.
2 In the Roles and Tasks view, expand the Nsure Audit role and select the Server Configuration
task.
3 Select the Secure Logging Server object and click OK.
Click the Object History button to see a list of Logging Server objects that have been
selected during this iManager session.
or
Click the Object Selector button to locate the object in the directory tree. To move
up or down in the tree, click the navigation arrows. You can also search the tree by
entering the object name and context in the Search frame.
4 In the Server Configuration screen, click Channels.
June 19, 2003
Novell ConfidentialŠ
Š
Š
Š
Š
Š
Š
QuickStart Card 2/24/0396
5 Mark the Channels container and click New Channel, then click OK.
6 In the New Channel window, select File Channel.
7 Enter a name for the Channel object and click OK.
8 In the Channels screen, click the plus icon to expand the Channels container.
9 Select the File Channel object and click Edit Channel.
10 Configure the File channel attributes.
Log File is the path to the log file.
IMPORTANT: All file data stores are named “log.” Therefore, if you have multiple File
Channel objects, you must point them to different paths.
Purge Log Files After is the log file’s life span. The logging server deletes all log files
older than the designated time period.
Roll When Log File Reaches is the log file’s maximum file size. When a log file reaches
the designated file size, the File driver renames the file and creates a new log file.
In Translated mode, the File driver writes the event description to the data store.
In Raw mode, the File driver writes the event data in comma-delimited format to the
data store.
Translated Language is the language in which the events descriptions for Translated
log files are written to file.
IMPORTANT: This option is only valid in Translated mode.
Status allows you to enable or disable the current File Channel object.
11 When finished, click OK.
For more information on each attribute, see File Channel Object in the Novell Nsure Audit 1.0
Administration Guide.Š
Š
QuickStart Card 2/24/0396
Logging Events to the File Channel
If you want the Secure Logging Server to log events to the File channel:
1 In the Server Configuration screen, click General > Configuration.
2 In the Log Channel field, select the File Channel object.
Click the Object Selector button to locate the File Channel object in the directory tree.
(Go to the Logging Services > Channels container.)
3 When finished, click OK or Apply.
If you want to log filtered events to the File channel:
1 Create a Notification Filter object that filters the events you want to write to the filtered
data store.
2 Select the File Channel object as one of the Notification Filter object’s notification
channels.
For information on creating Notification Filter objects, see “Configuring Notification Filter
Objects” on page 11.
CREATING AND CONFIGURING SMTP CHANNEL OBJECTS
The SMTP channel allows the logging server to e-mail logged events to a mailbox, cell phone, or
other e-mail enabled device. For more information, see SMTP in the Novell Nsure Audit 1.0
Administration Guide.
To create and configure the SMTP Channel object:
1 Click the Roles and Tasks button on the iManager toolbar.
2 In the Roles and Tasks view, expand the Nsure Audit role and select the Server Configuration
task.
3 Select the Secure Logging Server object and click OK.
Click the Object History button to see a list of Logging Server objects that have been
selected during this iManager session.
or
Click the Object Selector button to locate the object in the directory tree. To move
up or down in the tree, click the navigation arrows. You can also search the tree by
entering the object name and context in the Search frame.
4 In the Server Configuration screen, click Channels.
June 19, 2003
Novell ConfidentialŠ
Š
Š
Š
Š
Š
Š
Š
QuickStart Card 2/24/0396
5 Mark the Channels container and click New Channel, then click OK.
6 In the New Channel window, select SMTP Channel.
7 Enter a name for the SMTP Channel object and click OK.
8 In the Channels screen, click the plus icon to expand the Channels container.
9 Select the SMTP Channel object and click Edit Channel.
10 Configure the SMTP channel attributes.
Host is the host name or IP address of the SMTP server.
User is the username for the e-mail account the SMTP channel uses to connect to the
SMTP server. (The username is only required if SMTP Authentication is enabled on the .)
Password is the password for the e-mail account the SMTP channel uses to connect to
the SMTP server.
Sender is the name you want to appear in the From: line for all messages sent from
this SMTP Channel object.
Recipients lists the e-mail addresses to which all events directed through this SMTP
Channel object are sent. Addresses can be separated with a comma (,), a semi-colon
(;), or a space.
Subject is the text you want to appear in the Subject line for all messages sent from
this SMTP Channel object. The subject line can contain up to 255 characters.
Message is the text you want to appear in the message body for all messages sent from
this SMTP Channel object. The message body can be up to 64 KB; however, this is not
recommended for performance reasons.
Status allows you to enable or disable the current SMTP Channel object.
11 When finished, click OK.
For detailed information on each attribute, see SMTP Channel Object in the Novell Nsure Audit
1.0 Administration Guide.Š
Š
Š
Š
Š
Š
QuickStart Card 2/24/0396
CONFIGURING HEARTBEAT NOTIFICATION OBJECTS
Heartbeat objects monitor the stream of incoming events for the occurrence of a specific event.
If the event does not occur within the designated interval, the logging server generates a
heartbeat event (Event ID 0001001).
IMPORTANT: Heartbeat events are logged to the central data store; however, if you want to
receive notification that a specific event has not occurred, you must create a Notification Filter
for the corresponding heartbeat event.
To create a Heartbeat Notification object:
1 Click the Roles and Tasks button on the iManager toolbar.
2 In the Roles and Tasks view, expand the Nsure Audit role and select the Server Configuration
task.
3 Select the Secure Logging Server object and click OK.
Click the Object History button to see a list of Logging Server objects that have been
selected during this iManager session.
or
Click the Object Selector button to locate the object in the directory tree. To move
up or down in the tree, click the navigation arrows. You can also search the tree by
entering the object name and context in the Search frame.
4 In the Server Configuration screen, click Notifications.
5 Mark the Notifications container and click New Notification > OK.
6 In the New Notification window, select Heartbeat Notification.
7 Enter a name for the Heartbeat Notification object and click OK.
8 In the Notifications screen, click the plus icon to expand the Notifications container.
9 Select the Heartbeat Notification object and click Edit Channel.
10 In the Modify Object screen, configure the Heartbeat Notification attributes.
Description contains a description and any necessary explanation for the Heartbeat
object. The field limit is 255 characters.
EventID is the Event ID you want the logging server to monitor.
Interval is the maximum number of seconds between each event occurrence. If the
event does not occur within the designated interval, the logging server generates a
heartbeat event.
The Te x t 1 and Te x t 2 fields contain the information that you want to appear in the
heartbeat event’s Text1 and Text2 fields. These fields can contain any text string up to
255 characters.
June 19, 2003
Novell Confidential