Logging Server Objects

The Logging Server object represents the physical server where you have installed the Secure Logging Server. However, because the Logging Server object is specific to Nsure Audit, it does not replace the NCP Server object. Instead, each Logging Server object is associated with a host NCP Server object.

The Logging Server object is represented as a container with server attributes: it can contain Nsure Audit objects and it stores all the properties and attributes for the Secure Logging Server.

The following table provides an explanation of the Logging Server object's attributes.

Attribute Description

Configuration

Host Server The distinguished name of the NCP Server object associated with the current logging server.

Click the Object Selector button to select the Host Server in the tree.

NU) 01 February 2006

Driver Directory The directory in which the channel drivers (lgd*) are located.

The default channel driver directories are as follows:

• sys:\system\ (NetWare)

• \program files\novell\nsure audit\ (Windows)

• /opt/novell/naudit/ (Linux)

• /opt/NOVLnaudit/ (Solaris)

Log Channel The Channel object the logging server uses to create the central data store.

Click the Object Selector button to select the Channel object in the tree.

WARNING: The JDBC and Java channels do not work on NetWare 5.x. These channels require JVM 1.4.2 which is not compatible with NetWare 5.x.

Attempting to run either the JDBC or Java channel on NetWare 5.x abends the server.

Secure Logging Certificate File

The path and filename for the Logging Server Certificate.

This attribute enables the logging server to use a custom certificate created with the AudCGen utility. If this field is left blank, the logging server uses the default embedded certificate.

IMPORTANT: Nsure Audit only recognizes certificates that are generated with the AudCGen utility. For information on generating custom certificates, see Section 10.3, “Creating the Secure Logging Certificate,” on page 162.

NSure Audit uses certificates to authenticate client connections. The logging server only accepts connections from applications that have a valid Logging Application Certificate.

For general information on how certificates are used in Nsure Audit, see Chapter 10, “Security and Non-Repudiation,” on page 159.

Secure Logging Privatekey File

The path and filename for the Secure Logging Certificate's private key file.

If this field is left blank, the logging server assumes the private key is included with the certificate and uses the path and filename for the Secure Logging Certificate.

Again, this is only required if you do not use the Nsure Audit program's embedded certificates.

IMPORTANT: Nsure Audit only recognizes certificates and private keys that are generated with the AudCGen utility. For more information, see Section 10.3, “Creating the Secure Logging Certificate,” on page 162.

Containers IMPORTANT: The logging server scans these containers only at startup.

Therefore, if you add a container, you must restart the logging server. For information on restarting the Secure Logging Server, see Section G.3, “Secure Logging Server Startup Commands,” on page 236.

Attribute Description

NU) 01 February 2006

Application Containers The Application containers supported by the current Logging Server object.

Application containers provide a reference point through which the logging server can locate Application objects. Application containers must be included in this list for the logging server to locate their associated Application objects.

For more information on Application containers and objects, see “Application Objects” on page 30.

The Application container in Logging Services is added to this list by default.

Notification Containers The Notification containers supported by the current Logging Server object.

Notification containers provide a reference point through which the logging server can locate Notification Filter and Heartbeat objects. Notification containers must be included in this list for the logging server to locate their associated Notification objects. For more information, see “Notification Objects” on page 32.

The Notification container in Logging Services is added to this list by default.

Channel Containers The Channel containers supported by the current Logging Server object.

Channel containers provide a reference point through which the logging server can locate Channel objects. Channel containers must be included in this list for the logging server to locate their associated Channel objects. For more information on Channel containers and objects, see “Configuring System Channels” on page 69.

The Channel container in Logging Services is added to this list by default.

Memory The memory configuration settings allow you to optimize your logging server's performance. You should adjust these settings based on logging traffic and the amount of memory available to your system. Reasonable values depend on your network.

In organizations that require high-performance logging, these parameters should be set high enough to accommodate peak loads.

For organizations that must minimize potential data loss, these settings should be very small. Although this might slow performance, it minimizes the amount of data that might be lost in the event of server failure.

If incoming log events exceed the amount of memory you have allocated on your logging server, the Platform Agents temporarily write events to their Disconnected Mode Caches until the logging server clears its cache. This prevents any logged events from being lost.

Minimum The amount of memory the server automatically allocates at boot time to handle logging processes.

Because allocating additional memory on the fly can slow down code execution, this setting should represent the minimum amount of memory needed to handle your system's baseline level of logging traffic. Pre-allocating the minimum amount of memory required by your system reduces additional blocking delays when the system is under high load and facilitates faster processing of incoming events.

Normal The amount of memory the server can immediately allocate if logging traffic exceeds the Minimum memory setting.

Attribute Description

NU) 01 February 2006