Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
371 views

Re: Auditing with XDASv2 : some questions

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> - What is the best way to autoamte loading XDASv2 (ndstrace -c "load
> xdasauditds") at eDirectory start-up ?


Try adding xdasauditds to the
/etc/opt/novell/eDirectory/conf/ndsmodules.conf file as follows:

xdasauditds auto #XDAS Auditing Instrumentation

I have not tested this myself, but this is how the 'auditds' (Novell
Audit Instrumentation) is configured to auto-load. Also, the docs state
that if you are auditing NMAS that this will auto-load:

https://www.netiq.com/documentation/edir88/edirxdas_admin/data/bqn5moa.html

> - Novell Auditing configuration via iManager is covering one NCP
> server (config server by server), and with "RollingFileAppender" each
> server has it's one audtiting trace (on it's file system) I did
> notice that if I do an operation on Server A it's not logged on
> Server B , I would like to know if it's possible to configure some
> event forwarding between servers to centrelize the log files


I do not think auditing replicated events sis a feature of the XDAS
instrumentation, but considering that we're dealing with security events
it was (in my opinion) a flawed model from the start. Auditing each
server is the best way for several reasons, not the least of which is
that some changes in eDirectory are never replicated.

> - Why I can't see all the object classes on "XDASAccounts" tab ?


Bug# 711627 is already entered for this. I think the workaround is to
hack the attributes on the NCP Server object via LDAP but eventually the
plugin should be updated to fix this. Feel free to open a Service
Request and link it to the bug to give more priority to the bug.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQJSjiAAoJEF+XTK08PnB5kcwQAIrg+ubXrEqPfvC6YGfsD4HC
JhQyxNsFey28MTF+5SOr5rqLHfSkcafKDaE0/yVY9P79cPyy8k1Royjo3huoLRi2
KLaWl7YEdfwBi3nbnt48OXm8uKuxY23WM0oG+OlZbgpkWI78to5bOJjtL60o5sl4
ZRG3eav90dTUBwlVXrCBLVD6qMKYq6oG26iBm/C7sa+IHxWxTPtHR5uGONtrAdRf
4coC6RcFmv++BaBebnQEjWHzdEnaw6lkilV+UmdtzgFsjHPB2a/X5IM1gDxungMA
ShVoPCNB/RkCAbVeZQ2YwPd8NJUN5n6z/O4OtF4u5ZPpdpSezdrybMQ2fhYimq7O
dE6EsVQPWs3zikVmjqrROXk6zMf1LkMATmSbp6wN2Ra7HAb57uQLi/TJtqOwy/Gy
MdVwJxwp77dvxywoR3cj5uQ0dhnQRPMgQ6mWSpitGkKIHD7kiFflygRVNh/6iVBx
dwcVKKoQrH4SZPdsePJcjPiyKx/FB3jOq6SmDWLxaDnXCLxcWyL1CPcErKjUFBKZ
dznYFBRdaSRZLI+Ktw4RrT4gNOM9ziparvzjtc/t/GIueGwXwkJ1YPnCYDjFHLc9
/VmGOToazcy245tZgzohv9VaR/0sIMgHrgEMdXvD3FU06hq8rCT7ZEhkyhZ/u6/5
KoQU2zJOjKqrcEZxXbP9
=Uxc7
-----END PGP SIGNATURE-----
Labels (1)
0 Likes
4 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Auditing with XDASv2 : some questions


Hello,

I am struggling with XDAS on eDirectory 8.8.6

- Bug# 711627 is still in place ( Not all object classes and attributes
are seen from the iManager Plugin )

So this does not allow us to select and suite our need, even trying to
hack the values via LDAP Browser to set what we need is impossible (
operation rejected by eDirectory )

- Another important point is that even When I set the objectClass and
attributes for a given class, The auditing mecanism still listen to all
objectClass attributes modifications (not only the selected
attributes).

- Besides that some unwanted events are shown ( like IDM events :
veto(), error, ...)

Can any one tell me honestly if Auditing with XDAS is a good solution
or better try Sentinel, ... ? Does any one did XDAS auditing
implementation in a production environnement ?

- (http://tinyurl.com/9lrjydv) what is the difference between (XDASv2
Roles) and (XDASv2 Accountes) ? It's not clear in my mind

Regards


Regards


--
iammi
------------------------------------------------------------------------
iammi's Profile: https://forums.netiq.com/member.php?userid=382
View this thread: https://forums.netiq.com/showthread.php?t=2292

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Auditing with XDASv2 : some questions


iammi;12339 Wrote:
> Hello,
>
> I am struggling with XDAS on eDirectory 8.8.6
>
> - Bug# 711627 is still in place ( Not all object classes and attributes
> are seen from the iManager Plugin )
>
> So this does not allow us to select and suite our need, even trying to
> hack the values via LDAP Browser to set what we need is impossible (
> operation rejected by eDirectory )
>
> - Another important point is that even When I set the objectClass and
> attributes for a given class, The auditing mecanism still listen to all
> objectClass attributes modifications (not only the selected
> attributes).
>
> - Besides that some unwanted events are shown ( like IDM events :
> veto(), error, ...)
>
> Can any one tell me honestly if Auditing with XDAS is a good solution or
> better try Sentinel, ... ? Does any one did XDAS auditing implementation
> in a production environnement ?
>
> - (http://tinyurl.com/9lrjydv) what is the difference between (XDASv2
> Roles) and (XDASv2 Accountes) ? It's not clear in my mind
>
> Regards
>
>
> Regards


Hi is there really nobody around who can answer those questions?
I would like to get some answers on the difference between XDAS Roles
and XDAS Accounts as well - since there is not much documentation on
those config parameters available.

Does logging using XDAS makes sense or shall we continue collecting SIEM
events though the old PA?

Ragards,

Thorsten


--
tschloesser
------------------------------------------------------------------------
tschloesser's Profile: https://forums.netiq.com/member.php?userid=3232
View this thread: https://forums.netiq.com/showthread.php?t=2292

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Auditing with XDASv2 : some questions

In case it is not known already, the forums are only moderated by
volunteers, so official answers from the company will need to be sought
via other channels, primarily through Service Requests (SR) or other
contacts that you have (sales, service account managers, etc.). XDAS
itself works, but the implementation of various products' instrumentation
and agents to send XDAS events to a third party (Sentinel or otherwise)
has had a rough start so far. My clients, so far, all use the Novell
Audit events (the old way) to send eDirectory audit events to either
Sentinel or Log Manager, and the same goes for Identity Manager (IDM).
iManager events can now be sent via XDAS and I have one client trying
those out, though we're waiting on some fixes from NetIQ there too.

If it was my setup I would use the other style of events because there is
a long track record of those working. Otherwise, an SR is needed to let
NetIQ know how to prioritize the various outstanding issues.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Auditing with XDASv2 : some questions

On 2013-10-17 11:44, tschloesser wrote:
>
> iammi;12339 Wrote:
>> Hello,
>>
>> I am struggling with XDAS on eDirectory 8.8.6
>>
>> - Bug# 711627 is still in place ( Not all object classes and attributes
>> are seen from the iManager Plugin )
>>
>> So this does not allow us to select and suite our need, even trying to
>> hack the values via LDAP Browser to set what we need is impossible (
>> operation rejected by eDirectory )
>>
>> - Another important point is that even When I set the objectClass and
>> attributes for a given class, The auditing mecanism still listen to all
>> objectClass attributes modifications (not only the selected
>> attributes).
>>
>> - Besides that some unwanted events are shown ( like IDM events :
>> veto(), error, ...)
>>
>> Can any one tell me honestly if Auditing with XDAS is a good solution or
>> better try Sentinel, ... ? Does any one did XDAS auditing implementation
>> in a production environnement ?
>>
>> - (http://tinyurl.com/9lrjydv) what is the difference between (XDASv2
>> Roles) and (XDASv2 Accountes) ? It's not clear in my mind
>>
>> Regards
>>
>>
>> Regards

>
> Hi is there really nobody around who can answer those questions?
> I would like to get some answers on the difference between XDAS Roles
> and XDAS Accounts as well - since there is not much documentation on
> those config parameters available.
>
> Does logging using XDAS makes sense or shall we continue collecting SIEM
> events though the old PA?
>
> Ragards,
>
> Thorsten
>
>

I opened an SR last year I think or if it was in the beginning of 2013,
don't remember.

The answer was, if you're logging to Sentinel use the platform agent.


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.