My experience.

Set up the Logmanager v1.0 product.

Considerable confusion on what platform agent to use.

Most comments in the forums said not to use the Sentinel agent, but rather the Audit Agent.

The WMI connector for Windows#

The dialog shows information showing the LDAP port (389/636), and one would surmise that the connection would be LDAP. I tried everything I could think of to put in for Name, password and domain, with no success.

Finally, used:

  • Name: Administrator
  • password:
  • Domain: mad.willeke.com

And it worked. Why, why, WHY do companies not provide some sort of dialog help for these things?

Platform Agents#

Stopping LCache#

A new option to stop LCache has been added. To stop LCache, use the following command:

kill -TERM `pgrep lcache`

This option is introduced due to the following issues:

  • LCache is not stopped when the logging application is stopped.
  • Modifying the LCache configuration in logevent.conf file does not take effect unless you restart LCache.

Logging Cache Module Startup#

The Logging Cache Module (lcache) writes events to the Disconnected Mode Cache if the connection between the Platform Agent and the Secure Logging Server fails. It is installed with logevent on every server running applications that log events to Novell Audit.

On NetWare® and Windows, logevent automatically loads lcache. On Linux, the eDirectory™ instrumentation, auditDS, automatically loads lcache. In some circumstances, on Linux and Solaris systems, lcache must be manually loaded.

To load lcache on Linux systems, enter

/opt/novell/naudit/lcache

To load lcache on Solaris systems, enter

/opt/NOVLnaudit/lcache

Collectors#

http://support.novell.com/products/sentinel/secure/sentinel61.html

eDirectory Instrumentation#

eDirectory Instrumentation is not installed by default. It is provided in the eDirectory install package.

To install it, you may need to force the install, as the default setup wants to use the Sentinel platform agent.

rpm -Uvh --nodeps novell-AUDTedirinst-8.8.5-12.i586.rpm

Start the eDirectory Instrumentation#

ndstrace -c "load auditds"

Stop eDirectory Instrumentation#

ndstrace -c "unload auditds"

Check eDirectory Instrumentation#

ndstrace -c modules |grep auditds
auditds         Running
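
A health check and restart helper built from the commands above, as an added example that is not part of the original page or Novell's tooling: it reads the auditds state from `ndstrace -c modules`, checks for an lcache process, and restarts lcache after a logevent.conf change. The function names are hypothetical, and it assumes the Linux path shown above and that lcache detaches into the background when started.

```shell
#!/bin/sh
# Added example (not Novell's code). Commands and paths are those quoted on
# this page; the function names are hypothetical.
LCACHE_BIN="${LCACHE_BIN:-/opt/novell/naudit/lcache}"   # Linux path from the page

# Read `ndstrace -c modules` output on stdin and print the auditds state
# column, or "absent" when the module is not listed at all.
auditds_state() {
    awk '$1 == "auditds" { print $2; found = 1; exit }
         END { if (!found) print "absent" }'
}

# Succeeds when an lcache process exists.
lcache_running() {
    pgrep -x lcache >/dev/null 2>&1
}

# Report gaps in the audit path; non-zero status means a component is down.
audit_health() {
    rc=0
    state=$(ndstrace -c modules 2>/dev/null | auditds_state)
    [ "$state" = "Running" ] || { echo "auditds: $state" >&2; rc=1; }
    lcache_running || { echo "lcache: no process" >&2; rc=1; }
    return "$rc"
}

# Restart lcache so that logevent.conf changes take effect.
# Assumption: the lcache binary detaches into the background when started.
restart_lcache() {
    if lcache_running; then
        kill -TERM $(pgrep -x lcache)
        i=0
        while lcache_running && [ "$i" -lt 10 ]; do   # wait up to 10 s
            sleep 1
            i=$((i + 1))
        done
        if lcache_running; then
            echo "lcache did not exit after SIGTERM" >&2
            return 1
        fi
    fi
    "$LCACHE_BIN" || return 1
    lcache_running
}

case "${1:-}" in
    check)   audit_health ;;
    restart) restart_lcache ;;
esac
```

Run it with `check` from cron or a monitoring agent and alert on a non-zero exit; run it with `restart` after editing logevent.conf.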

Windows WMI Connector#

The collector must run on a Windows machine. The docs say: "Windows-based Sentinel 6 Collector Manager with the latest service pack applied".

Novell SUSE Linux Enterprise Server Sentinel Collector#

Novell SUSE Linux Enterprise Server Sentinel Collector

Novell IDM Sentinel Collector#

Novell IDM Sentinel Collector

Summary at this point#

Sentinel has turned out to be just as I had feared for a number of years.

A product which requires full-time, highly EXPERIENCED specialists to set up and maintain.

I am, at this point, afraid to recommend the product to clients, or would have to severely warn them as to the extent and effort of the deployment and ongoing effort to maintain the product to obtain the level of results that the Novell sales machine promises.

« This page (revision-10) was last changed on 25-May-2011 17:46 by jim