Application Delivery Management
Application Modernization & Connectivity
CyberRes
IT Operations Management
source s_local {
system();
internal();
tcp(ip(127.0.0.1) port(1290));
};
destination server {
tcp(164.99.184.91 port(1290));
};
log {
source(s_local);
destination(server);
};
#############################################################################
# Default syslog-ng.conf file which collects all local logs into a
# single file called /var/log/messages.
#
@version: 3.2
@include "scl.conf"
source s_local {
system();
internal();
tcp(ip(127.0.0.1) port(1290));
};
destination server {
tcp(164.99.184.91 port(1290));
};
log {
source(s_local);
destination(server);
};
Administrator@nam-win ~
$ logger -p local0.info "Test Message from NAM"
[root@audit-server ~]# tailf /var/log/NAM_audits.log
<134>Jan 28 12:38:35 nam-win Administrator: Test Message from NAM
In the Administration Console Auditing section select, Audit Messages Using -> Syslog and Select Send to Third Party from the drop box.
NOTE: Server Listening Address and Port are disabled for configuration. It is manually configured as part of Configure the syslog-ng to forward the audit message to the remote syslog audit server configuration.
Apply the changes and update the servers.
Select the Access Manager events to be audited from the administration Console and apply the changes. In this example, we have selected NAM IDP for auditing, and the audit events can be selected for IDP in the Administration Console as:
Apply the changes after selecting the events and update the servers.
[root@audit-server ~]# tailf /var/log/NAM_audits.log
<134>Jan 28 12:41:28 nam-win {"appName": "Novell Access Manager","timeStamp":"Thu, 28 Jan 2016 12:41:28 0530","eventId":"002E000C","subTarget":"TestUser","stringValue1":"8BEDC83BBE9139A39943FC6296EB3001","stringValue2":"Unable to locate user name ","stringValue3":"Name/Password - Form","numericValue1":0,"numericValue2":0,"numericValue3":0,"message":"[Thu, 28 Jan 2016 12:41:28 0530] [Novell Access Manager\\\\nidp]: AMDEVICEID#FB6C42375B901FAD: AMAUTHID#8BEDC83BBE9139A39943FC6296EB3001: User session authentication failed. Authentication Contract Name: [Name/Password - Form] Authentication Method Name: [Name/Password - Form] Reason: [Unable to locate user name ] Client IP Address: [10.1.2.3]","target":"Name/Password - Form","data":"MTY0Ljk5LjEzNy42NA==","description":"NIDS: User session authentication failed","originator":"FB6C42375B901FAD","component":"nidp"}