Configuring the Agent and the Server

NAAS assumes partition-based auditing, where the domain for auditing is a Novell eDirectoryTM partition. All the Audit agents will audit only those objects that are in the same eDirectory partition as the agent. Also, the Audit agents will read only those policies that are in the same partition. All policies outside the partition are ignored, even if they are associated with one of the objects within the partition. Refer to the following sections for performing manual configuration.

The user can also configure the Audit agent, Audit server, and the policies by using the procedure provided in NAAS Default Configuration Utility.

WARNING:  All the objects created and configured manually should be deleted before running the default configuration utility.


Configuring the Audit Agent

The Audit agent collects audit data and sends it to the Audit server. It resides on the same machine where the audited service is hosted.

The configuration information for an Audit agent is stored in eDirectory as an Agent policy. The Agent policy governs the functioning of the Audit agent and contains information such as the size of the Audit agent cache, the time interval for periodic commits of the Audit agent's cache to the database, and the Audit servers that can be contacted to commit the data.


Configuring the Audit Agent

  1. In ConsoleOneTM, right-click the desired container > click New > Object > naasAgentPolicy.

  2. Set the desired values for all the configuration parameters.

    NOTE:  The Commit Period must be greater than 30 seconds. The Commit Fragment Size should be greater than 300 bytes. The Cache Size should be greater than 1 KB.

  3. Follow the steps detailed in Associating the Policy to associate the policy to the Agent object.

  4. Grant the Agent object Read rights to this policy object using the normal eDirectory rights mechanism.

  5. Grant the Agent object Read rights to the naasPolLink and naasSearchPolLink attributes for the entire tree.

  6. Grant the Agent object Read rights to the naasPortNumber and HostDevice attribute of the server objects to be contacted.

  7. Grant the Agent object Read rights to the Network Address attribute of the NetWare® server object hosting the audit server.


Configuring the Audit Server

The Audit server stores and manages audit trails and gives real-time notification of events.

The configuration information for an Audit server is stored in eDirectory as a Server Policy object. The Server Policy object governs the functioning of the Audit server and contains information such as the name of the database to store audit data, the time interval for polling the database, and the time interval for recalculating the audit trail rights of the auditors connected to the Audit server.


Configuring the Audit Server

  1. In ConsoleOne, right-click a Container object > click New > Object > naasServerPolicy.

  2. Set the desired values for all the configuration parameters > click OK.

  3. Follow the steps detailed in Associating the Policy to associate the policy to the specified Server object.

  4. Grant the Server object Read rights to this policy object using the normal eDirectory rights mechanism.

  5. Grant the Server object Read rights to the database object for the database to be used, using the normal eDirectory rights mechanism.

  6. Grant the Server object Read rights to the naasPolLink, naasSearchPolLink, and ACL attribute for the entire tree.

  7. Grant the Server object Read rights to the naasRandomNance attribute and naasSelectedDomain attributes for the entire tree.

  8. Grant the Server object Write rights to its own naasPortNumber attribute.


Configuring the Audit Server for Real-Time Alert Notification

  1. Open the SYS:\AUDIT\MAILALERT.CFG configuration file for real-time alert notification. This file will be installed along with the NAAS components in the server.

  2. Enter the name of the mail server (SMTP server) to be contacted for real-time alerts as the first line in the configuration file.

  3. Enter the list of recipients' e-mail IDs, separated by a comma or space, in the second line of the configuration file. All these recipients will receive the real-time alert notification.

    IMPORTANT:  The real-time alert configuration file should be on the same machine as the Audit server.



Previous | Next