Error xdasauditds module could not be loaded when configuring syslog

We are trying to confugre syslog in our IDM Server and when we try to load xdasauditds module we are getting below error

xdasauditds module could not be loaded

We have configured the Driver health and in this, we are generating the events in Action, when the driver is getting stopped.

We have added this generate events in all Green, Yellow, Red for testing purpose but we did not see any event log in file "/var/log/messages"

We are using IDM 4.7.3 and eDirectory 9.1.4

Parents
  • So in ndstrace, you can try

    load xdasauditds

    Then see if any errors show up.

    Might be in the ndsd.log (/var/opt/novell/eirectory/logs.

    Usually there is something. Also in ndstrace, see if you can do a modules command and see if one of the other audit methods is loaded.  I think there can be only one aiudit module at a time.

     

  • When I run the command ndstrace -c "load xdasauditds" I am getting below error

    [1] Instance at /opt/novell/eDirectory/instances/hughesnetldap/nds.conf: nam1.OU=servers.OU=services.O=hughesnet.HUGHESNETLDAP
    xdasauditds module could not be loaded: (1)

    In ndsd.log, I am getting below error

    NetIQ eDirectory CEF Instrumentation cannot be loaded due to incorrect configuration!

  • This mostly comes from a configuration issue. Also you cannot have CEF and XDAS running at the same time.

  • Good so you found an error. 

    Now do

    ndstrace -c 'modules'

    and see if the other audit modules are loaded. There can be only one...

    If the other is loading, there is a config file called nds-modules somewhere (maybe in /etc/opt/novell/eDirectory/conf) that lists the modules to autoload on a ndsd start.  Change out the audit modules in that file.

  • I have run the command ndstrace -c 'modules' output is given below and it is showing that xdasauditds Not Loaded

    xdasauditds Not Loaded
    zoomdb Not Loaded
    snmpinst Not Loaded
    repair Not Loaded
    pkiinst Not Loaded
    password-plugin Not Loaded
    nmasldap Running
    nmasinst Not Loaded
    ndsinfo Not Loaded
    ndsclone Not Loaded Directory Clone Agent For NetIQ eDirectory 9.1.4
    merge Not Loaded
    lsss Running
    ldapxs Running
    krbpwd Not Loaded
    jvmload Not Loaded
    IDMCEFProcessor Not Loaded
    ebassl_srv Not Loaded
    ebasrv Not Loaded
    dxldap Running
    dxevent Running
    dstrace Not Loaded Trace For NetIQ eDirectory 9.1.4
    dsr Not Loaded
    dsi Not Loaded
    dsbk Not Loaded
    cefauditds Not Loaded
    backupcr Running
    sasl Running [ nldap ]
    spmdclnt Running
    nmas Running [ sasl ]
    ssldp Running [ nldap ]
    sss Running [ ssncp ssldp ]
    ssncp Running
    pkiserver Running
    embox Running
    imon Running NDS iMonitor for NetIQ eDirectory 9.1.2 v40103.16
    nldap Running LDAP Agent for NetIQ eDirectory 9.1.4
    hconserv Running HTTP Console Server For NetIQ eDirectory 9.1.4
    snmp Running SNMP Trap Server for NetIQ eDirectory 9.1.2
    gams Running
    niciext Running
    vrdim Running
    httpstk Running HTTP Protocol Stack For NetIQ eDirectory 9.1.4 [ nds hconserv imon embox ]
    nds Running Directory Agent For NetIQ eDirectory 9.1.4
    masv Running [ gams ]
    dsloader Running [ httpstk hconserv nldap ]
    dhlog Running DHost message logging module for NetIQ eDirectory 9.1.4
    ncpengine Running NCP Protocol Stack For NetIQ eDirectory 9.1.1
    ndsd Running NetIQ eDirectory 9.1.4 Host Environment

    [1] Instance at /opt/novell/eDirectory/instances/hughesnetldap/nds.conf: nam1.OU=servers.OU=services.O=hughesnet.HUGHESNETLDAP

    I have checked file /etc/opt/novell/eDirectory/conf/ndsmodules.conf and the file content is given below

    # ndsmodules.conf: NDS Module Description File
    # This file describes the modules to be loaded at bootup. Note that modules
    # that need to be loaded would have auto flags set. Other modules can also
    # be present here if a default command line need to be specified. Modules
    # will be loaded in the order that's listed here.
    #
    # Syntax:
    # modulename flags cmdline
    # Each line in this file represents a modulename. It should not
    # contain prefix(lib) or suffix(.so, .la etc.). We'll look at a
    # corresponding .la file to pickup the correct modulefile.
    # flags: should be a comma seperated (no whitespace) list of valid options.
    # auto -> autoloaded when dhost comes up
    # system -> Will not be unloaded.
    # fail -> Treat as an error and exit if loading fails.
    # noop -> No flags. MUST for specifying command line without any flags
    #

    dhlog auto,fail #DHost logger
    ncpengine auto,system,fail #Core NCP Services
    dsloader auto,system,fail #Loader
    masv auto,system,fail #Modular Authentication Services
    nds auto,system,fail #Core DS Services
    niciext auto
    gams auto
    snmp auto #snmp
    httpstk auto #DHost HTTP Stack
    hconserv auto #HConServ
    nldap auto #LDAP Server
    imon auto #iMon
    embox auto #eMBox
    pkiserver auto #PKI server
    ssncp auto #SecretStore
    xdasauditds auto #xdasauditds

  • First have a look at your xdasconfig.properties, then the painful part, the audit attributes in eDirectory (on the server object). I had a similar problem on a number of servers after upgrading from eDirectory 8.8.8 to 9.1 - and the only fix I found was to remove all the audit attributes from the server object, install the latest version of iManager and the plugins (https://www.netiq.com/support/imanager/plugins/) - the "eDirectory Auditing" is now part of the eDirectory plugin - it will mess up the attributes if you have an too old version, and then xdasauditds or cefauditds will not load.

    I even ran into an issue where I had to remove the whole iManager RBS to get it to work.

    All of this is know, but not very well documented.

    They did some changes to all of this between eDirectory 9.0.2 and 9.0.3 and then again in 9.1.x ... which has been causing problems to a number of people.

     

     

  • cefauditds Not Loaded xdasauditds Not Loaded IDMCEFProcessor Not Loaded

    I wanted to see the these three lines or the like. Rules out the 'other' audit being loaded.

     

Reply Children