Configure and Activate eDirectory Auditing in Netiq Access Manager Administration Console

0 Likes
over 1 year ago

ISSUE:

 

How To: Configure and Activate eDirectory Auditing feature to audit events in NetIQ Access Manager Administration Console.

One of the Use case:

If you are concerned that your delegated administrators might use an LDAP browser to access the configuration datastore, you can configure eDirectory to audit events that come from LDAP connections to the LDAP server.

HOW TO STEPS:

 

Preface:

The solution is split into 2 parts i.e

1) Configuring the system for enabling  eDirectory Auditing in NetIQ Access Manager Administration Console

2) Activating the eDirectory Auditing feature to audit events in NetIQ Access Manager Administration Console

 

Service restart:

This will need Administration Console service to be restarted at the end to take effect of the changes made.

Backup:

Ensure, there's backup of the system and enough down-time outside of the business hours.

Impact:

Very minimal to none.

 

Part 1: Configuring the system to enable eDirectory Auditing in NetIQ Access Manager Administration Console

The steps below will download the necessary plugins to the file system on which Administration Console is setup and running.

 

a) Login to NetIQ Access Manager Administration Console and navigate to Right Top corner and click on

Admin (in this case the administrator's name is Admin) >> (select) Configure Console

clipboard_image_0.png

 

b) On the Left panel >>  (select) iManager Server

clipboard_image_1.png

c) Click on "Configure iManager"  >> (select) Plug-in Download

(Highlighted in the below screenshot)

 

clipboard_image_2.png

 

d) Select the Checkbox “Query download site for new NetIQ Plugin” and

Choose the radio button “NetIQ download site”

(highlighted in the screenshot below)

then Click -> Save

 

clipboard_image_3.png

 

e) In the same Page, on the Left Panel

Select "Plug-in Installation" >> (select sub-menu) "Available NetIQ Plug-in Modules"

 

clipboard_image_4.png

 

 

f) This will display a new page which will list the available plugins for installation.

Select “eDirectory90 Plugins” ( it might also be listed as “eDir_IMANPlugins” in older systems)

Select the same and click on "Install"

clipboard_image_5.png

 

g) You will be prompted to answer the consent to License Agreement

clipboard_image_6.png

 

Post the License agreement, the process of downloading the plugin to the file system will start and will display the progress.

This may take up-to a minute.

 

clipboard_image_7.png

 

 

h)

Once the plugin is installed, connect to Administration Console server and restart the service.

(Linux) /etc/init.d/novell-ac restart

(Windows) Go to Services view and restart Tomcat8 windows service

 

 

Part 2: Activating the eDirectory Auditing feature to audit events in NetIQ Access Manager Administration Console

 

Now, that Administration Console is restarted one needs to re-login.

 

a) Login to NetIQ Access Manager Administration Console and navigate to Right Top corner and click on

Admin (in this case the administrator's name is Admin) >> (select) Manage Roles and Tasks

 

clipboard_image_0.png

 

 

b) On the Left Panel, select "eDirectory Auditing" and then select the sub-menu "Audit Configuration"

clipboard_image_0.png

 

c) On the Right Panel, click on Object Selector icon

(highlighted in the below screenshot)

clipboard_image_1.png

 

The search will pop-up a new dialog with the Contents.

Now, click on the object "novell", which expands to display the objects further.

clipboard_image_3.png

 

This will display the NCP object, which is the eDirectory server.

Select the eDirectory server and click Ok on the next screen.

clipboard_image_4.png

d) Audit Configuration now displays different formats to audit events.

For LDAP Events in specific, Novell Audit, CEF can be opted.

 

clipboard_image_5.png

 

 

Further Reading:

For more detailed information on Novell Audit and CEF, here are the links to eDirectory documenation site.

 

Auditing with Novell Audit:

https://www.netiq.com/documentation/edirectory-91/edir_admin/data/bydeiav.html

(PS: The rpms mentioned in the documentation site are bundled with NetIQ Access Manager tar ball)

 

Auditing with CEF:

https://www.netiq.com/documentation/edirectory-91/edir_admin/data/t44e7j6b8ufi.html

(PS: CEF is the general recommended format) 

Labels:

How To-Best Practice
Comment List
Anonymous
Related Discussions
Recommended