Novell Audit 2.0

Just recently I implemented Novell Audit 2.0.3 at work. I chose this product because of its ability to audit a wide range of systems and collect information from a wide range of sources, and because it is extensible. You can import log schemas and extend the capabilities of the software.

The Audit starter pack is free and the secure logging server can run on NetWare, Linux and Windows. It integrates with eDirectory and uses iManager for administration. Data can be stored in a number of different databases (I chose MySQL) and also a flat file. Straight out of the box, Audit can log events from Identity Manager, NetWare, Windows event logs, eDirectory, iChain, syslogs and a number of other sources. Audit can also audit itself, have the agents sign each event, and send information securely.

Because I'm storing information in a MySQL database, I can easily query it with SQL, either from within iManager or, as I do, using a free SQL query tool. Audit comes with a reporting tool of its own, but it's time-bombed for 10 minutes unless you upgrade the starter pack to a fully licensed install.

My installation process was fairly straightforward. The documentation is quite easy to follow, but I did make sure I upgraded MySQL, Perl and PHP to the latest versions available. Uninstallation is just as easy, and the uninstall will also remove the schema extensions, leaving your tree clean.

My secure logging server is NetWare (of course). MySQL on NetWare absolutely screams... read incredibly fast. I will probably move the secure logging service to Linux in the future, but at the moment I am completely confident with NetWare.

I have installed instrumentation and agents on all my primary servers for NetWare, DNS, FS, eDirectory, Identity Manager, and on AD domain controllers. These are configured easily with a single file, logevent.cfg or logevent.conf, and should the secure logging server go offline, the agents will automatically cache events locally until they detect the logging server is back. The eDirectory instrumentation is also clever enough to ignore or accept replicated events.

I'm logging most events but not all of them, and to give an indication of the data storage required, the MySQL database is growing by around 750MB per day.

The FREE starter pack does most of what you'll need it to do. Download it from Novell today and give it a try; you'll breeze through your next audit with ease.