Anonymous_User Absent Member.

SLM Audit Events from iManager


Hello,
I'm doing a pilot of Sentinel Log Manager and I had a question related
to events from changes made via iManager.

First, we're using SLM 1.2.0.2_954.
Second, this is an older eDir, it's 8.8.5 (20219.15), so these are the
platform and instrumentation versions in use:

novell-AUDTplatformagent-2.0.2-68
novell-AUDTedirinst-8.8.5-12

The problem I'm having is that I see events coming in for modifications
to objects, but the initiator is always the server, not the actual user
making the change in iManager.

I have "Do Not Send Replicated Events" checked on every server in the
tree.

One strange anomaly is that when I open a server using the eDirectory
Audit task in order to modify what is audited, when I click on the
Novell Audit tab I always get this error:

"(Error -603) The requested attribute could not be found. In the
Directory, if an attribute does not contain a value then the attribute
does not exist for the specific object."

However, I'm able to save my changes and everything works fine (and the
changes do indeed take). I double checked, and all the appropriate
schema extensions are in the tree.

If I try and use the old Novell Audit plug-in to modify the settings,
iManager crashes (and I've tried 3 different instances of iManager too,
it seg faults).


Is this just a problem with the old eDir instrumentation? Or is there a
way to get the true initiator to show up in the log when making changes
from iManager?

Thanks.

Matt


Anonymous_User Absent Member.

Re: SLM Audit Events from iManager

> Second, this is an older eDir, it's 8.8.5 (20219.15), so these are the
> platform and instrumentation versions in use:
>
> novell-AUDTplatformagent-2.0.2-68
> novell-AUDTedirinst-8.8.5-12


You're over two SPs back; if you can patch (probably no technical reason
why you cannot) you probably should. A lot of instrumentation fixes have
specifically been fixed of late because of the increased focus on auditing
brought by Sentinel and Log Manager.

> I have "Do Not Send Replicated Events" checked on every server in the
> tree.


Presumably you also have the instrumentation and Platform Agent on every
box configured to point to Log Manager.

> One strange anomaly is that when I open a server using the eDirectory
> Audit task in order to modify what is audited, when I click on the
> Novell Audit tab I always get this error:
>
> "(Error -603) The requested attribute could not be found. In the
> Directory, if an attribute does not contain a value then the attribute
> does not exist for the specific object."


Well if your settings are saving properly (and I think you meant the
Novell Audit instrumentation settings) then maybe it's erroring because of
a lack of openxdas schema; the latest plugin providing the 'eDirectory
Auditing' role handles both the older Novell Audit style of auditing as
well as the newer OpenXDAS stuff so the plugin may be complaining about
the latter. Functionality for the latter came in eDirectory 8.8 SP6 as I
recall.

> However, I'm able to save my changes and everything works fine (and the
> changes do indeed take). I double checked, and all the appropriate
> schema extensions are in the tree.
>
> If I try and use the old Novell Audit plug-in to modify the settings,
> iManager crashes (and I've tried 3 different instances of iManager too,
> it seg faults).


Well that's not good, but I'm not sure how to duplicate that unless it has
something to do with your older tree. Typically I'd test this by setting
up iManager Workstation (new, fresh install), then patching to the current
iManager SP (6 I believe), and then adding the eDirectory plugins followed
by testing (restarts between each NPM addition, and each NPM addition done
on its own).

Good luck.
Anonymous_User Absent Member.

Re: SLM Audit Events from iManager


I'm going to push for patching up to 8.8.7 IR2 and see what happens.
I'm hoping that is it.

Every server in the tree is pointing at the SLM server, every server has
the same eDir version, and every server has the auditds module loaded.

If this doesn't work, I'll open an SR.

Thanks.

Matt




