We do have eDirectory connectors. Unfortunately eDirectory auditing has gone through a few iterations Earlier versions used syslog, but as of late it's been in a database. Our experience is fairly limited (1-2 customers) but we have seen it work. You'll have to configure the auditing side to log to the database, then modify the database settings to allow LEM to connect, then use one of the Novell connectors to connect up - looks like Novell Identity Audit might be the most current version.
On the database side, you will need to edit pg_hba.conf to allow LEM's IP address to connect. When you do that, you might also have to have it listen on the LAN IP, not just localhost. I found some instructions for this section of the configuration, but not what comes before (setting up eDirectory to audit) or after (setting up the connector). We should be able to work through it, though.
We don't have a product like Novell Identity Audit in place.
1 of 1 people found this helpful
There is an snmp agent for eDirectory - check out this link
The other choice may be NetIQ XDASv2 which I think is built into eDir 8.8SP8. It will use syslog if required which may help depending on your environment.
We are also looking at getting better data out of eDir and am just starting down that road
Let us know what you guys find - we might have to build a new connector to get it all working (we too would prefer a free method that we can refer customers to consistently). To our knowledge Novell's last official word on eDirectory auditing was to use Novell Audit/Identity Audit to store the data in a database, and that it didn't cost money but did require those components.
Doesn't look like anyone every resolved this one. I am trying to set this up and am very new to LEM. I have all the xdas audit pieces setup on the NetIQ SuSE Linux server running eDirectory. I am reasonably certain those pieces are correct. I then added a node for my Linux server. After watching various how to videos and searching the internet, I configured the LEM side the way I think it is supposed to be. What I have is a connector for eDirectory on the appliance with the log file set to /var/log/user. I also have a eDir connector on the node set to /var/opt/novell/eDirectory/log/xdas-events.log.
So far, I am not seeing any alerts in the Monitor view. However, if I SSH into the LEM box and run the checklogs command, I do see the contents of my xdas-events.log file in the : User Log facility. So I know my information is getting the LEM server. So, here goes for questions:
1. how is the log file location in the connector supposed to relate to the actual file location?
2. is the log file location in the connector on the appliance suppose to be relating to a file location on the appliance? if so what is the correct location for the User Log facility
3. is the log file location in the connector on the node suppose to be relating to a file location on the node? if not, then what should it be related to.
Look for any assistance anyone can provide. I am fairly comfortable with the eDirectory/SuSE part of this, but brand new to LEM and did not have any prior experience with Novell Sentinel product either.