Nsure™ Audit EssentialsRick MeredithSoftware EngineerNovell, Inc. Jaime BrimhallSoftware EngineerNovell, Inc.

© March 9, 2004 Novell Inc.2

one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions.

The one Net vision

Novell exteNd™

Novell Nsure™

Novell Nterprise™

Novell NgageSM

:

:

:

:

© March 9, 2004 Novell Inc.3

The one Net vision

Novell Nsure solutions take identity management to a whole new level. Novell Nsure gives you the power to control access so you can confidently deliver the right resources to the right people — securely, efficiently, and best of all, affordably.

Novell Nsure™

Novell exteNd™

Novell Nsure™

Novell Nterprise™

Novell NgageSM

:

:

:

:

© March 9, 2004 Novell Inc.4

Presentation Overview

Overview and Architecture

Administration & Configuration• Platform Agent• Server Configuration• Queries• Reports

Application Instrumentation• Frozen Bubble Instrumentation

Verification• Signing and Chaining Events.

5

Secure Logging Server

Platform Agent

Notification

Service

Logging Service

Filte

r

SMTP

Flat

FileD

river

MonitoringApplications

ReportGenerator

SNMPSYSLO

GStorage

JavaCVR

…SQ

LD

river

Crystal Reports

Java APITCP/IP(TLS)

Alerts/Notifications

JMS

Even

t A

dap

ter

OracleSQL Server

MySQL

File Syste

m

[11:58:18] MyApp\ IMAP\ Authentication: Valid login for account “FMSmith" from 137.65.47.144[11:58:18] MyApp \POP3\ Authentication: Valid login for account "pfeiffer" from 195.224.28.4

C API

Ap

plic

atio

n

Ap

plic

atio

n

Ap

plic

atio

n

…

Monitoring Service

Disconnected

Mode Cache

Administrator

Nsure Audit Overview & Architecture

© March 9, 2004 Novell Inc.6

Administration & Configuration

Miscellenous Utilities & Tools• Platform Agent Configuration

Application

iManager (web application) is used to:• Configure Secure Logging Server (SLS) • Run Queries• Create Reports

LReport is used to:• Run Queries• Create Report

© March 9, 2004 Novell Inc.7

Platform Agent

Platform agent• Collects events from instrumented applications• Sends the events to the Logging Server• Caches the event in case of communication failure• Optionally signs the events for validation

© March 9, 2004 Novell Inc.8

Platform Agent Configuration Tool

© March 9, 2004 Novell Inc.9

Secure Logging Server (SLS)

Secure Logging Server (SLS)• Receives the events from the platform agent• Logs events to file or database• Sends any relevant notifications

10

iManager Nsure Audit Plugin

11

LReport

© March 9, 2004 Novell Inc.12

Application Instrumentation

Include the LogEvent header file and library in the application source code

If desired, contact Novell Developer Services to obtain a registered application ID and certificate for your product

Create a log schema configuration (LSC) file to describe the events that your application will send

Call the desired LogEvent functions from the appropriate locations in the application code

Create the necessary objects in eDirectory for the Secure Logging Server to recognize the new application

© March 9, 2004 Novell Inc.13

Log Schema Configuration (LSC) file

Defines the different events, used to translate text

Can be used with auditext to automatically generate the Application Object

#^Frozen Bubble Instrumentation^FBFB^FBubbleInst^EN##EventID,Description,Text1 Title,Text2 Title,Value1 Title,Value1 Type,Value2 #Title,Value2 Type,Group Title,Group Type,Data Title,Data Type,Display SchemaFBFB,Frozen Bubble,Frozen Bubble Instrumentation,,,,,,,,,,FBFB0001,Game Started,,,,,Start Time,,,,,,FBFB0002,Level Started,,,Level,,Timestamp,,,,,,FBFB0003,Level Completed,,,Level,,Timestamp,,,,,,FBFB0004,Level Completion Time,,,Level,,Total Time,,,,,,FBFB0005,Premature Exit,,,Level,,Timestamp,,,,,,FBFB0006,Died,,,Level,,Life Number,,,,,,FBFB0007,Game Ended,,,Level,,Timestamp,,,,,,FBFB0008,Final Score and Time,Username,,Level,,Total Time,,,,,,

© March 9, 2004 Novell Inc.14

Logevent Functions

LogOpen – create the log handle, connect to the server

LogEventDirect – send a log event with any of the available data fields

LogClose – close the log handle

LogEventText, LogEventNameValue, LogEventLong, LogEventRaw are macros that log events with only certain types of data

Unicode interface is also available

© March 9, 2004 Novell Inc.15

Instrumentation of Frozen Bubble

© March 9, 2004 Novell Inc.16

Verification (Signing & Chaining)

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.