Highlighted
Super Contributor.
Super Contributor.
433 views

Error xdasauditds module could not be loaded when configuring syslog

We are trying to confugre syslog in our IDM Server and when we try to load xdasauditds module we are getting below error

xdasauditds module could not be loaded

We have configured the Driver health and in this, we are generating the events in Action, when the driver is getting stopped.

We have added this generate events in all Green, Yellow, Red for testing purpose but we did not see any event log in file "/var/log/messages"

We are using IDM 4.7.3 and eDirectory 9.1.4

Labels (3)
11 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Did you get any error code?
for example:
xdasauditds module could not be loaded: (-603)
Highlighted
Knowledge Partner
Knowledge Partner

So in ndstrace, you can try

load xdasauditds

Then see if any errors show up.

Might be in the ndsd.log (/var/opt/novell/eirectory/logs.

Usually there is something. Also in ndstrace, see if you can do a modules command and see if one of the other audit methods is loaded.  I think there can be only one aiudit module at a time.

 

Highlighted
Super Contributor.
Super Contributor.

When I run the command ndstrace -c "load xdasauditds" I am getting below error

[1] Instance at /opt/novell/eDirectory/instances/hughesnetldap/nds.conf: nam1.OU=servers.OU=services.O=hughesnet.HUGHESNETLDAP
xdasauditds module could not be loaded: (1)

In ndsd.log, I am getting below error

NetIQ eDirectory CEF Instrumentation cannot be loaded due to incorrect configuration!

Highlighted
Outstanding Contributor.
Outstanding Contributor.

This mostly comes from a configuration issue. Also you cannot have CEF and XDAS running at the same time.

Highlighted
Knowledge Partner
Knowledge Partner

Good so you found an error. 

Now do

ndstrace -c 'modules'

and see if the other audit modules are loaded. There can be only one...

If the other is loading, there is a config file called nds-modules somewhere (maybe in /etc/opt/novell/eDirectory/conf) that lists the modules to autoload on a ndsd start.  Change out the audit modules in that file.

0 Likes
Highlighted
Super Contributor.
Super Contributor.

I have run the command ndstrace -c 'modules' output is given below and it is showing that xdasauditds Not Loaded

xdasauditds Not Loaded
zoomdb Not Loaded
snmpinst Not Loaded
repair Not Loaded
pkiinst Not Loaded
password-plugin Not Loaded
nmasldap Running
nmasinst Not Loaded
ndsinfo Not Loaded
ndsclone Not Loaded Directory Clone Agent For NetIQ eDirectory 9.1.4
merge Not Loaded
lsss Running
ldapxs Running
krbpwd Not Loaded
jvmload Not Loaded
IDMCEFProcessor Not Loaded
ebassl_srv Not Loaded
ebasrv Not Loaded
dxldap Running
dxevent Running
dstrace Not Loaded Trace For NetIQ eDirectory 9.1.4
dsr Not Loaded
dsi Not Loaded
dsbk Not Loaded
cefauditds Not Loaded
backupcr Running
sasl Running [ nldap ]
spmdclnt Running
nmas Running [ sasl ]
ssldp Running [ nldap ]
sss Running [ ssncp ssldp ]
ssncp Running
pkiserver Running
embox Running
imon Running NDS iMonitor for NetIQ eDirectory 9.1.2 v40103.16
nldap Running LDAP Agent for NetIQ eDirectory 9.1.4
hconserv Running HTTP Console Server For NetIQ eDirectory 9.1.4
snmp Running SNMP Trap Server for NetIQ eDirectory 9.1.2
gams Running
niciext Running
vrdim Running
httpstk Running HTTP Protocol Stack For NetIQ eDirectory 9.1.4 [ nds hconserv imon embox ]
nds Running Directory Agent For NetIQ eDirectory 9.1.4
masv Running [ gams ]
dsloader Running [ httpstk hconserv nldap ]
dhlog Running DHost message logging module for NetIQ eDirectory 9.1.4
ncpengine Running NCP Protocol Stack For NetIQ eDirectory 9.1.1
ndsd Running NetIQ eDirectory 9.1.4 Host Environment

[1] Instance at /opt/novell/eDirectory/instances/hughesnetldap/nds.conf: nam1.OU=servers.OU=services.O=hughesnet.HUGHESNETLDAP

I have checked file /etc/opt/novell/eDirectory/conf/ndsmodules.conf and the file content is given below

# ndsmodules.conf: NDS Module Description File
# This file describes the modules to be loaded at bootup. Note that modules
# that need to be loaded would have auto flags set. Other modules can also
# be present here if a default command line need to be specified. Modules
# will be loaded in the order that's listed here.
#
# Syntax:
# modulename flags cmdline
# Each line in this file represents a modulename. It should not
# contain prefix(lib) or suffix(.so, .la etc.). We'll look at a
# corresponding .la file to pickup the correct modulefile.
# flags: should be a comma seperated (no whitespace) list of valid options.
# auto -> autoloaded when dhost comes up
# system -> Will not be unloaded.
# fail -> Treat as an error and exit if loading fails.
# noop -> No flags. MUST for specifying command line without any flags
#

dhlog auto,fail #DHost logger
ncpengine auto,system,fail #Core NCP Services
dsloader auto,system,fail #Loader
masv auto,system,fail #Modular Authentication Services
nds auto,system,fail #Core DS Services
niciext auto
gams auto
snmp auto #snmp
httpstk auto #DHost HTTP Stack
hconserv auto #HConServ
nldap auto #LDAP Server
imon auto #iMon
embox auto #eMBox
pkiserver auto #PKI server
ssncp auto #SecretStore
xdasauditds auto #xdasauditds

Highlighted
Outstanding Contributor.
Outstanding Contributor.

First have a look at your xdasconfig.properties, then the painful part, the audit attributes in eDirectory (on the server object). I had a similar problem on a number of servers after upgrading from eDirectory 8.8.8 to 9.1 - and the only fix I found was to remove all the audit attributes from the server object, install the latest version of iManager and the plugins (https://www.netiq.com/support/imanager/plugins/) - the "eDirectory Auditing" is now part of the eDirectory plugin - it will mess up the attributes if you have an too old version, and then xdasauditds or cefauditds will not load.

I even ran into an issue where I had to remove the whole iManager RBS to get it to work.

All of this is know, but not very well documented.

They did some changes to all of this between eDirectory 9.0.2 and 9.0.3 and then again in 9.1.x ... which has been causing problems to a number of people.

 

 

Highlighted
Knowledge Partner
Knowledge Partner

cefauditds Not Loaded
xdasauditds Not Loaded
IDMCEFProcessor Not Loaded

I wanted to see the these three lines or the like. Rules out the 'other' audit being loaded.

 

0 Likes
Highlighted
Super Contributor.
Super Contributor.

What needs to be done to resolve it?

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

I think Norberts point of switching to CEF format in the latest eDir/IDM's is your better bet.

Why XDAS at this point as it is being phased out?

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

With IDM 4.7.3  and eDirectory 9.1.4 you should switch to CEF auditing as XDAS is deprecated.

Also note that the events you want are coming from the from IDM engine and not from any of the eDirectory auditing (*auditds) modules.

Do you have any log4cxx messages in your ndsd.log?

--
Norbert
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.