eDirectory 8.8 SP6 XDAS Audit to File


Author: Ashwin S

Introduction



The XDASv2 specification provides a standardized classification for audit events. It defines a set of generic events at a global distributed system level. XDASv2 provides a common portable audit record format to facilitate the merging and analysis of audit information from multiple components at the distributed system level. The XDASv2 events are encapsulated within a hierarchical notational system that helps to extend the standard or existing event identifier set. eDirectory 8.8 SP6 supports the XDASv2 format for logging eDirectory events to a file.



Installing eDirectory XDASv2 Files


The eDirectory standalone installer installs all the files required for XDASv2 support by default. The packages and binaries on each platform are:




  • On Linux

    • novell-edirectory-xdaslog
    • novell-edirectory-xdaslog-conf
    • novell-edirectory-xdasinstrument

  • On Solaris

    • NOVLlog
    • NOVLedirxdasin

  • On Windows (available in the installed location)

    • xdasauditds.dlm
    • xdaslog.dll




Configuring eDirectory XDASv2 Property File



The eDirectory XDASv2 property file is located at /etc/opt/novell/configuration/xdasconfig.properties for the root instance and in a customized location for non-root users. You can customize the file according to your requirements.



The following is the content of the XDASv2 property file:



# Set the level of the root logger to DEBUG and attach appenders.
#log4j.rootLogger=debug, S, R
# Defines appender S to be a SyslogAppender.
#log4j.appender.S=org.apache.log4j.net.SyslogAppender
# Defines location of Syslog server.
#log4j.appender.S.Host=localhost
#log4j.appender.S.Port=port
# Specify protocol to be used (UDP/TCP/SSL)
#log4j.appender.S.Protocol=UDP
# Specify SSL certificate file for SSL connection.
# File path should be given with double backslash.
#log4j.appender.S.SSLCertFile=/etc/opt/novell/mycert.pem
# Minimum log-level allowed in syslog.
#log4j.appender.S.Threshold=INFO
# Defines the type of facility.
#log4j.appender.S.Facility=USER
# Layout definition for appender Syslog S.
#log4j.appender.S.layout=org.apache.log4j.PatternLayout
#log4j.appender.S.layout.ConversionPattern=%c : %p%m%n
# Defines appender R to be a Rolling File Appender.
#log4j.appender.R=org.apache.log4j.RollingFileAppender
# Log file for appender R.
#log4j.appender.R.File=/var/opt/novell/eDirectory/log/xdas-events.log
# Max size of log file for appender R.
#log4j.appender.R.MaxFileSize=100MB
# Set the maximum number of backup files to keep for appender R.
# Max can be 13. If set to zero, then there will be no backup files.
#log4j.appender.R.MaxBackupIndex=10
# Layout definition for appender Rolling log file R.
#log4j.appender.R.layout=org.apache.log4j.PatternLayout
#log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c : %p%m%n

Uncomment and modify the following lines in the above configuration file:

log4j.rootLogger=debug, R
log4j.appender.S.Facility=USER
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=/var/opt/novell/eDirectory/log/xdas-events.log
log4j.appender.R.MaxFileSize=100MB
log4j.appender.R.MaxBackupIndex=10
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c : %p%m%n
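
A quick way to confirm that an edited xdasconfig.properties will actually write events to a file before loading the module. This is an added example, not part of the original article or of eDirectory; the function names and the two sample texts are constructed for illustration.

```python
def active_settings(text):
    """Return the uncommented key=value pairs of a properties file."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def file_audit_problems(text):
    """List the reasons XDASv2 events would not reach a rolling log file."""
    props = active_settings(text)
    problems = []
    # rootLogger is "<level>, <appender>[, <appender>...]"
    attached = [p.strip() for p in props.get("log4j.rootLogger", "").split(",")][1:]
    files = [a for a in attached
             if props.get(f"log4j.appender.{a}", "").endswith("RollingFileAppender")]
    if not files:
        problems.append("no RollingFileAppender is attached to log4j.rootLogger")
    for name in files:
        prefix = f"log4j.appender.{name}."
        for suffix in ("File", "layout", "layout.ConversionPattern"):
            if not props.get(prefix + suffix):
                problems.append(f"{prefix}{suffix} is not set")
        backups = props.get(prefix + "MaxBackupIndex", "")
        # The shipped file's comment gives 13 as the maximum; 0 means no backups.
        if backups and not (backups.isdigit() and int(backups) <= 13):
            problems.append(f"{prefix}MaxBackupIndex={backups} is outside 0-13")
    return problems


# Constructed samples: the file as shipped (everything commented out) and the
# file after the edit described in the article.
SHIPPED = ("#log4j.rootLogger=debug, S, R\n"
           "#log4j.appender.R=org.apache.log4j.RollingFileAppender\n")
EDITED = """\
log4j.rootLogger=debug, R
log4j.appender.S.Facility=USER
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=/var/opt/novell/eDirectory/log/xdas-events.log
log4j.appender.R.MaxFileSize=100MB
log4j.appender.R.MaxBackupIndex=10
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c : %p%m%n
"""
```

An empty list from file_audit_problems means the file appender is attached and fully specified; each string in a non-empty list names one setting to fix.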


Loading the Modules



After you have configured the XDASv2 events, run the following command to load the XDASv2 modules:



  • On Linux/Solaris run the following command to load the eDirectory XDASv2 modules:

    ndstrace -c "load xdasauditds"

  • On Windows, run ndscons.exe, select the xdasauditds.dlm module from the list of modules, and click Start.


Managing and Configuring eDirectory events



You can manage and configure eDirectory for XDASv2 auditing by using Novell iManager. The iManager plug-in for XDASv2 is installed with eDirectory by default. To configure events:




  1. Log in to the iManager console.

  2. Select eDirectory Auditing->Audit Configuration from Roles and Tasks.

  3. Specify the NCP Server.

  4. Configuring Events.

    1. Select DS, LDAP or either of them for XDASv2 event settings.
    2. For Log event values, select either Log Large Values or Do Not Log Large Values.
    3. Select the actual events from the events section according to your requirements.

  5. Configuring XDASv2 Roles

    1. Select object classes for which you want to collect events.
    2. Set any number of attributes for the object classes you have selected.
    3. Click Apply to confirm the modifications. The selected attributes appear in this list.

  6. Configuring XDASv2 Accounts

    1. Select object classes from the list for which you want to collect events.
    2. Selected object classes appear in this list.
    3. Click Apply after adding the object classes.




Logging of Events


Events are logged in the log file specified in the xdasconfig properties file. Applications and third-party developers can use this log file for their auditing requirements. The log file name and location can be modified as required in the xdasconfig properties file, and a rolling file appender is supported for file logging. The size of the log file and the number of rolling log files can be set in the properties file. The changes take effect after eDirectory is restarted. Here is sample output for a create-user event:



Oct 11 12:22:55 eDirectory: INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "90_129","Name" :
"CN=test,O=novell"},"Entity" : {"SysAddr" : "192.168.1.129","SysName" : "test"}},"Initiator" :
{"Account" : {"Name" : "CN=admin,O=novell","Id" : "32842"}},"Target" : {"Data" : {"ClassName" : "User"},"Account" :
{"Domain" : "90_129","Name" : "CN=XDAS-user,O=novell","Id" : "599298"}},"Action" : {"Event" : {"Id" : "0.0.2.0","Name" :
"CREATE_ACCOUNT","CorrelationID" : "eDirectory#23#7bb3d063-8fca-4957-68ab-63d0b37bca8f","SubEvent" :
"DSE_CREATE_ENTRY"},"Time" : {"Offset" : 1281509575},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" :
"0"}}
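
To consume these records in a monitoring script, split the header written by the ConversionPattern from the JSON body and pull out who did what to which object. This is an added example, not code from the original article or from eDirectory; `parse_xdas_line` and `dig` are hypothetical helper names, and it assumes one record per line in the log file.

```python
import json
import re

# The article's sample record, joined onto one line. Assumption: the
# RollingFileAppender writes one record per line (the page's copy is wrapped).
SAMPLE = (
    'Oct 11 12:22:55 eDirectory: INFO {"Source" : "eDirectory#DS","Observer" : '
    '{"Account" : {"Domain" : "90_129","Name" : "CN=test,O=novell"},"Entity" : '
    '{"SysAddr" : "192.168.1.129","SysName" : "test"}},"Initiator" : {"Account" : '
    '{"Name" : "CN=admin,O=novell","Id" : "32842"}},"Target" : {"Data" : '
    '{"ClassName" : "User"},"Account" : {"Domain" : "90_129","Name" : '
    '"CN=XDAS-user,O=novell","Id" : "599298"}},"Action" : {"Event" : {"Id" : '
    '"0.0.2.0","Name" : "CREATE_ACCOUNT","CorrelationID" : '
    '"eDirectory#23#7bb3d063-8fca-4957-68ab-63d0b37bca8f","SubEvent" : '
    '"DSE_CREATE_ENTRY"},"Time" : {"Offset" : 1281509575},"Log" : '
    '{"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}'
)

# Header written by the ConversionPattern: timestamp, logger name, level.
HEADER = re.compile(r"^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (.+?) ?: ?([A-Z]+)$")


def dig(obj, *keys):
    """Walk nested dicts, returning None when any level is missing."""
    for key in keys:
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj


def parse_xdas_line(line):
    """Return a flat summary of one record, or None if it is not parseable."""
    start = line.find("{")
    head = HEADER.match(line[:start].strip()) if start > 0 else None
    if head is None:
        return None
    try:
        rec = json.loads(line[start:])
    except ValueError:  # truncated or partially written record
        return None
    return {
        "logged_at": head.group(1),
        "level": head.group(3),
        "event": dig(rec, "Action", "Event", "Name"),
        "sub_event": dig(rec, "Action", "Event", "SubEvent"),
        "initiator": dig(rec, "Initiator", "Account", "Name"),
        "target": dig(rec, "Target", "Account", "Name"),
        "target_class": dig(rec, "Target", "Data", "ClassName"),
        "outcome": dig(rec, "Action", "Outcome"),
    }
```

Lines that return None (for example a record cut off mid-write) are worth counting rather than silently dropping, since gaps in an audit trail are themselves a signal.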

