Novell OPEN ENTERPRISE SERVER 2 SP2 - STORAGE SERVICES AUDITING CLIENT LOGGER UTILITY REFERENCE 04-29-2010 Reference


AUTHORIZED DOCUMENTATION
Novell Storage Services Auditing Client Logger (VLOG) Utility Reference
Novell® Open Enterprise Server 2 SP2
April 29, 2010
www.novell.com
OES 2 SP2: NSS Auditing Client Logger (VLOG) Utility Reference


Summary of Contents for Novell OPEN ENTERPRISE SERVER 2 SP2 - STORAGE SERVICES AUDITING CLIENT LOGGER UTILITY REFERENCE 04-29-2010

  • Page 2: Legal Notices

    Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
  • Page 7: About This Guide

    This reference guide describes the syntax and options for the Novell Storage Services (NSS) Auditing Client Logger (VLOG) utility for Novell Open Enterprise Server (OES) 2 Support Pack 2 (SP2) Linux. The VLOG utility is used with the NSS Auditing Engine, which is available in OES 2 SP2 Linux and later.
  • Page 9: Overview Of The Nss Auditing Client Logger (Vlog) Utility

    Overview of the NSS Auditing Client Logger (VLOG) Utility The Novell Storage Services (NSS) Auditing Client Logger (VLOG) utility for Novell Open Enterprise Server (OES) 2 Support Pack 2 (SP2) Linux is used with the NSS Auditing Engine ( ). The NSS Auditing Engine is installed by default when you install etc/init.d/novell-vigil...
  • Page 10: Nss, Ncp, And Cifs Event Sub-Types To Monitor

    1.2 Using Auditing Client Applications with the NSS Auditing Engine Some auditing client applications, such as Novell Sentinel Log Manager and various third-party products, can access audited events that are reported by the NSS Auditing Engine. Information about the NSS Auditing Engine Software Developer Kit (SDK) is available on the...
  • Page 11: Novell Sentinel Log Manager

    1.2.1 Novell Sentinel Log Manager Novell Sentinel Log Manager can be used to collect and report on event logs from the NSS Auditing Client Logger utility. Novell Sentinel Log Manager runs on a 64-bit SUSE Linux Enterprise Server (SLES) 11 host. You can download Novell Sentinel Log Manager from the...
  • Page 13: Vlog Utility Man Page

    This section provides the syntax, options, and examples for the Novell Storage Services (NSS) Auditing Client Logger (VLOG) utility for Novell Open Enterprise Server (OES) 2 Support Pack 2 (SP2) Linux. This information is also available on the server as the man page.
  • Page 14: Vlog

    “VLOG Options” on page Availability Novell Open Enterprise Server 2 Support Pack 3 Linux or later. It is also available as a patch (released in April 2010) to Novell Open Enterprise Server 2 Support Pack 2 Linux. Syntax...
  • Page 15 (Default) Extensible Markup Language (XML) format. Comma Separated Values (CSV) format. SENT Format compatible with Novell Sentinel/Log Manager products. [-F, --filterFile] FILE-PATH Specifies a filter file that contains include and exclude filter patterns to be applied to the auditing records that are received from the NSS Auditing Engine ( ).
  • Page 16 Normal (default). Only fatal errors are emitted. -10 through -1 Silent. No error, or other, messages emitted. For example, to set the verbose level to 22, enter /opt/novell/vigil/bin/vlog -V 22 The verbose messages for fatal errors, configuration changes, and internal modes are sent to stderr --filterTest Filter pattern debugging option.
  • Page 17 Filtering Records The vlog application supports filtering of events, as they are received from the NSS Auditing Engine (vigil), by using filter patterns. Filter patterns are rules for filtering events. You can use either of the following methods to specify filter patterns: A filter file of filter patterns (consisting of one filter pattern per line) can be specified with the ...
  • Page 18 Filter Keywords for Type VIGIL Records The keywords for VIGIL record types are as follows: START Each time the vigil.ko kernel module is loaded, a “Start” record is sent to all auditing clients. STOP Each time the vigil.ko kernel module is unloaded, a “Stop” record is sent to all auditing clients.
  • Page 19 Specifies a filter pattern that excludes all records of type VIGIL from the output, except vlog records, which are shown in the output. Roll vlog /opt/novell/vigil/bin/vlog -p":-roll -user_stop -user_start" Specifies a filter pattern that excludes records, records, and Roll User stopped User records from the output.
  • Page 20 Filter Syntax for Type NSS, NCP, and CIFS Records [negation_element]path_element (event [event...]) Patterns for filtering records of type NSS, NCP and CIFS consist of three elements in the following order: 1. Negation Element: Indicates whether records that match the specified filter patterns that follow are to be included or excluded from the auditing log.
  • Page 21 Path Element Options The path element of the filter pattern is a filename-matching pattern or directory-name-matching pattern that specifies directories or files to include or exclude from the audit log. The path element immediately follows the negation element (if present). The path element is delimited from the event element by a [space or tab] character.
  • Page 22 Path Element Examples This section provides examples of path elements and a description of how each might be applied.

    Pattern: /a[-e]?/joke
      Filename      Matches (Yes or No)
      /a-h/joke     Yes.
      /adh/joke     No. The [e-] group only includes “e” and “-”, not “d”.
      /aeh/joke     Yes.
  • Page 23

    Pattern: /a[def][hij]?/joke
      Filename      Matches (Yes or No)
      /afh/joke     No. No character matches the “?”.
      /afhz/joke    Yes.
      /agfh/joke    No. Need character from [def] group.

    Pattern: /a[e-]?/joke
      Filename      Matches (Yes or No)
      /a-h/joke     Yes.
      /aeh/joke     Yes.
      /afh/joke     No. The [e-] group only includes “e” and “-”, not “f”.
  • Page 24

    Pattern: /a**/
      Filename      Matches (Yes or No)
      /a/b/c/d      No. Must end with the “/” character.
      /a/b/c/d/     Yes.

    Pattern: /a*/
      Filename      Matches (Yes or No)
      /a/b/c/d      No. “*” does not match the “/” character.

    Pattern: /a/*/b/c/**/e/f
      Filename                        Matches (Yes or No)
      /a/b/b/c/d/d/d/d/e/f            Yes.
      /a/b/b/c/d/d/d/d/e/f/e/f/e/f    Yes.
  • Page 25

    Pattern: abc{,,,{,x,,},,,}def
      Filename      Matches (Yes or No)
      abcdef        Yes.
      abcxdef       Yes.
      abcydef       No. Nothing after “abc” allows “y”.

    Pattern: abc{}def
      Filename      Matches (Yes or No)
      abcdef        Yes.

    Pattern: abc*{def,xyz,hij,{a*[d-g],b*[7-9]}z}qrt*m
      Filename      Matches (Yes or No)
      abcadzqrtm    Yes.
      abcaezqrtm    Yes.
      abcb6zqrtm    No. Nothing after “abcd” would allow “6”.
  • Page 26

    Pattern: VOL2:/a*?/a
      Filename        Matches (Yes or No)
      VOL1:/abb/a

    Pattern: VOL2:/a**?/a
      Filename        Matches (Yes or No)
      VOL2:/a/b/c/a   Yes.

    Event Element Options The event element consists of a list of events enclosed in parentheses. The events listed in the parentheses are delimited by a [space or tab] character. The event element follows the path element delimiter (space character or tab character).
  • Page 27 Includes all elements. (OPEN CLOSE RENAME) Includes only the OPEN, CLOSE, and RENAME events. (* !OPEN) Includes all events except OPEN. This list could also have been specified as (!OPEN *). All excluded (negated) events are removed after first creating a list of events that are included (non-negated). (OPEN CLOSE !RENAME) Includes only the events.
  • Page 28 Event Sub-Type Examples This section provides examples of event element patterns and a description of how each might be applied. Matches all events. (OPEN) Matches all OPEN events (including the NSS, NCP, and CIFS sub-types). (OPEN CLOSE) Matches only the events (including the NSS, NCP, and CIFS sub-types).
  • Page 29: Troubleshooting

    After an Auditing Client has been established, the NSS Auditing Engine (vigil) architecture has been designed to store the auditing records in files in the directory specified by the auditing application (such as vlog or Novell Sentinel).
  • Page 30 Method 1: Stop and Start (or Restart) the NSS Auditing Engine To do this, enter the following commands as the root user at a terminal console prompt:

      ./etc/init.d/novell-vigil stop
      ./etc/init.d/novell-vigil start

    Or you can enter the following command to restart the engine:

      ./etc/init.d/novell-vigil restart...
  • Page 31: See Also

    Auditing Client if the client directory is the current working directory. Authors Copyright 2009–2010, Novell, Inc. All rights reserved. http://www.novell.com See Also To report problems with this software or its documentation, visit http://bugzilla.novell.com