manualshive.com logo in svg

Novell XDASV2 - ADMINISTRATION GUIDE V1, Administration Manual

The Novell XDASV2 Administration Manual V1 provides detailed instructions on managing and configuring the XDASV2 system. This comprehensive manual is available for free download on our website. Explore the vast range of features and functionalities of Novell XDASV2 with this essential manual. Download it from manualshive.com.

Share
Download
background image

XDASv2 Schema

37

n

ov

do

cx (e

n)

  16
 Ap
ril 20

10

Initiator

The initiator of an event is the authenticated entity that initially provoked 
creation of the event. Note that an initiator need not be identified. If the entity 
can't be identified - perhaps an entity is attempting to login, thus provoking the 
generation of a login event by an observer - then as much information about 
the origin of the event as possible should be specified. NOTE: In the special 
case of a login event, the authenticated identity of the initiator is not yet known 
until after the login attempt has succeeded. Therefore a failed login event 
should not give the identity of the target account as the identity of the initiator.

An intiator is described in terms of an account and an entity (described below), 
as well as an optional set of assertions. These assertions describe, in terms of 
a set of name/value pairs, the attributes of the initiator identity. Some initiators 
are not known by a specific account, but are known only by a set of assertions 
(SAML2, for instance) that describe the rights of the actor. The schema is not 
defined for these assertions, as they will be different for each class and 
potentially for each individual object.

Action

The action identifies the event that is being recorded. This field provides the 
XDASv2 event identifier, as well as an outcome code (success, or failure 
class), and the time the event occurred, with as much accuracy as possible.

Event

The event field is the key to XDAS events. Event encapsulates a taxonomical 
identifier and a short descriptive name for human readability.

Id

The event Id code represents the event identifier, defined by the XDASv2 
standard event taxonomy, and extensions defined by the Novell CSS product.

Name

The event name is a human readable representation of the event identifier. 
The event name is optional, but recommended for readability.

Data

The event data provides additional descriptive information about the event.

Log

The log field contains standard syslog-like log-level values, in terms of 
Severity and Facility numeric identifiers. The log field is optional, as well as 
every sub-field within the log field. These values should only be used when 
necessary, as they generally represent judgment calls on the part of the 
instrumentor. Such judgment calls are best left to analysis software or 
engineers once the event data is collected.

Outcome

For details on outcome codes, see 

Section B.3, “Outcome Codes,” on 

page 39

.

Time

The event time is the time recorded by the observer at the point the event was 
committed to the event service. Time values are gathered by the XDAS client 
helper library. Thus, there is no reason to be concerned about values stored in 
this field, as the helper library will attempt to be as accurate as possible when 
generating time information.

Offset

The offset field contains a value representing the number of seconds since 
midnight, January 1, 1970 - otherwise known as the Unix epoch.

Sequence

The sequence field contains a unique numeric value identifying this event from 
another event which may have been recorded within the same second. For 
the most part, this value should be taken as a monotonically increasing 
numeric value that begins at zero and continues until the next second 
boundary, at which point, it begins again at zero.

XDAS Field

Description

Summary of Contents for XDASV2 - ADMINISTRATION GUIDE V1

Page 1: ...Novell www novell com novdocx en 16 April 2010 AUTHORIZED DOCUMENTATION Novell XDASv2 Administration Guide XDASv2 for eDirectory IDM and NMAS v1 October 15 2010 Administration Guide...

Page 2: ...and the trade laws of other countries You agree to comply with all export control regulations and to obtain any required licenses or classification to export re export or import deliverables You agre...

Page 3: ...Trademarks For Novell trademarks see the Novell Trademark and Service Mark list http www novell com company legal trademarks tmlist html Third Party Materials All third party trademarks are the prope...

Page 4: ...4 Novell XDASv2 Administration Guide novdocx en 16 April 2010...

Page 5: ...XDASv2 Roles 16 3 4 3 Configuring XDASv2 Accounts 17 3 5 Securing the iManager Connection 18 4 Troubleshooting 19 A XDASv2 Events 21 A 1 Account Management Events 21 A 2 Session Management Events 22...

Page 6: ...6 Novell XDASv2 Administration Guide novdocx en 16 April 2010...

Page 7: ...mentation included with this product Please use the User Comments feature at the bottom of each page of the online documentation or go to www novell com documentation feedback html and enter your comm...

Page 8: ...8 Novell XDASv2 Administration Guide novdocx en 16 April 2010...

Page 9: ...n 1 2 XDASv2 Server Architecture on page 9 1 1 Key Benefits Provides secured audit services for a distributed system Defines a set of generic events at a global distributed system level Defines a comm...

Page 10: ...10 Novell XDASv2 Administration Guide novdocx en 16 April 2010 Figure 1 1 XDASv2 Server Architecture...

Page 11: ...indows xdasauditds dlm xdaslog dll 2 2 Configuring XDASv2 Property File The XDASv2 property file is located at etc opt novell configuration xdasconfig properties You can customize the file according t...

Page 12: ...here will be no backup files log4j appender R MaxBackupIndex 10 Layout definition for appender Rolling log file R log4j appender R layout org apache log4j PatternLayout log4j appender R layout Convers...

Page 13: ...nstalling and using the Novell Audit iManager Plug in requires iManager 2 7 4 See Novell iManager Product Page http www novell com products consoles for requirements and download instructions 3 2 Inst...

Page 14: ...Sv2 Audit page is displayed Continue with Section 3 4 1 Configuring Events on page 14 3 4 Configuring XDASv2 Events for Auditing Section 3 4 1 Configuring Events on page 14 Section 3 4 2 Configuring X...

Page 15: ...ect 2 Log event values The events are logged into a text file Event values with more than 768 bytes in size are considered as large values You can log events of any size Log Large Values Select this o...

Page 16: ...bling services Service or Application Utilization Events Select the service or application utilization events for which you want to log events You can log events to start and terminate services and to...

Page 17: ...ject classes you have selected Click the attribute and click the arrow to add the attribute to the selected list of attributes 3 Click OK after you add the attributes Click Apply to confirm the modifi...

Page 18: ...3 Click Apply after adding the object classes 3 5 Securing the iManager Connection When you log in to iManager your connection is automatically forwarded to a secure port The default HTTPS port for iM...

Page 19: ...connection on the given port 3 Reload the xdasauditds module The TCP connection is lost Possible Cause If the remote server is not reachable or does not accept connection on the given port the followi...

Page 20: ...and is accepting the connection on the given port 2 Reload the xdasauditds module The SSL connection has failed Possible Cause The SSL connection fails because either the TLS SSL handshake fails or a...

Page 21: ...cular user or entity Blame or credit for an action goes to the identity for a set of activities within a system Accounts exist in the application domains to associate attributes with the set of identi...

Page 22: ...an automated security process such that it can no longer be used until it is re enabled Enable Account 0 0 0 3 Enable an existing account This is the counterpart event to the disable account event def...

Page 23: ...1 1 Terminate an existing session This event should be reported whenever an existing session as defined above is terminated Query Session 0 0 1 2 Query user session attributes This event should be rep...

Page 24: ...LASS_DEF Modify data item attributes This event is reported whenever a security relevant data item or resource element is modified either the value or an attribute of the data item Event Name Event Id...

Page 25: ...perspective setting up a trust relationship is often done by establishing an Enable Service 0 0 3 5 DSE_OPEN_B INDERY Enable a service or application This event ise reported when a service operation...

Page 26: ...ace to allow administrators to manage the resource access events that has to be audited and determine the unimportant events within the security context Event Name Event Identifier Corresponding eDir...

Page 27: ...ata Item Association 0 0 6 2 Query context of association with a data item This event is reported when rights are queried for an identity on a specific data item when trust relationship attributes are...

Page 28: ...tification Event Name Event Identifier Corresponding eDir Event Description Use Create Role 0 0 8 0 Create a new role Creates a new role or an attempt is made to create a new role Delete Role 0 0 8 1...

Page 29: ...2 Resource exhaustion This event is reported when a server system or mission critical application runs out of some critical resource like memory or disk space It is often difficult to report such even...

Page 30: ...se it must be reported Audit Data Store Corrupted 0 0 10 2 Audit datastore is corrupted This event is reported by OpenXDAS when the data store reports that an audit log has been corrupted Generally th...

Page 31: ...upon name value pairs in the token The act of creating and sending an access token is the start of a new pseudo identity with limited and specific rights to protected resources This pseudo identity c...

Page 32: ...32 Novell XDASv2 Administration Guide novdocx en 16 April 2010...

Page 33: ...escription The original source of the event if applicable type string optional true Observer description The recorder ie the XDASv2 service of the event type object optional false properties Account r...

Page 34: ...fier type string optional false pattern 0 9 0 9 Name description A short descriptive name for the specific event eg a new replica is added type string optional true CorrelationID description Correlati...

Page 35: ...r optional true Tolerance description A tolerance value in milliseconds type integer optional true Certainty description Percentage certainty of tolerance type integer optional true minimum 0 maximum...

Page 36: ...ents Some or all of these fields may also be relevant to other types of event but information of this sort is required for auditing services The XDASv2 JSON record format is open By that we mean that...

Page 37: ...for human readability Id The event Id code represents the event identifier defined by the XDASv2 standard event taxonomy and extensions defined by the Novell CSS product Name The event name is a human...

Page 38: ...ng the system and generating events based on initiator actions An observer is described in terms of an account and an entity described below Referenced Classes The observer initiator and target fields...

Page 39: ...the 2 x hierarchy B 4 Example of an Event An example event is given below Source eDirectory DS Observer Account Domain TREE_NAME Name CN server1 O novell Entity SysAddr 164 99 90 129 SysName blr edir...

Page 40: ...40 Novell XDASv2 Administration Guide novdocx en 16 April 2010...

Reviews:

No comments

Related manuals for XDASV2 - ADMINISTRATION GUIDE V1

PRESONUS UNIVERSAL CONTROL 1.1 SVN 2108 Installation Instructions preview
UNIVERSAL CONTROL 1.1 SVN 2108
Brand: PRESONUS Pages: 1
Xerox 701P91273 Installation Manual preview
701P91273
Brand: Xerox Pages: 52
AVG 8.5 EMAIL SERVER EDITION - V 85.4 User Manual preview
8.5 EMAIL SERVER EDITION - V 85.4
Brand: AVG Pages: 52
Mitsubishi Electric DPSClick User Manual preview
DPSClick
Brand: Mitsubishi Electric Pages: 92
Mitsubishi Electric DX-PC55E Operation Manual preview
DX-PC55E
Brand: Mitsubishi Electric Pages: 51
Mitsubishi Electric DX-PC for View User Manual preview
DX-PC for View
Brand: Mitsubishi Electric Pages: 57
Mitsubishi Electric DX-PC10E Instruction Manual preview
DX-PC10E
Brand: Mitsubishi Electric Pages: 29
Samsung G2 PORTABLE HX-MU025DC Specifications preview
G2 PORTABLE HX-MU025DC
Brand: Samsung Pages: 1
Samsung EasyGSM Owner'S Manual preview
EasyGSM
Brand: Samsung Pages: 14
Siemens IEEE802.11 Tutorial preview
IEEE802.11
Brand: Siemens Pages: 84
Genius HyperMedia Center Manual preview
HyperMedia Center
Brand: Genius Pages: 12
Red Hat CERTIFICATE SYSTEM 8 - AGENTS GUIDE Agents Manual preview
CERTIFICATE SYSTEM 8 - AGENTS GUIDE
Brand: Red Hat Pages: 146
AVG RESCUE CD - FOR WINDOWS V 85.2 User Manual preview
RESCUE CD - FOR WINDOWS V 85.2
Brand: AVG Pages: 83
AVG ANTI-VIRUS BUSINESS EDITION 2011 - REV 2011.01 User Manual preview
ANTI-VIRUS BUSINESS EDITION 2011 - REV 2011.01
Brand: AVG Pages: 128
ZyXEL Communications Auto Configuration Server Vantage Access Quick Start Manual preview
Auto Configuration Server Vantage Access
Brand: ZyXEL Communications Pages: 113
Adaptec Disk Array Administrator User Manual preview
Disk Array Administrator
Brand: Adaptec Pages: 139
Nordic Messaging Technologies XFAX User Manual preview
XFAX
Brand: Nordic Messaging Technologies Pages: 62
FieldServer FS-8700-124 Driver Manual preview
FS-8700-124
Brand: FieldServer Pages: 17

Brands by name

Popular brands

Load more brands