>> We're continuing to struggle with what we're going to do about collecting
>> logs from Novell servers, despite the great suggestions from this list.
>> There are a bunch of add-on syslog daemons for NetWare
>> (including one from Novell as part of their NIMS product); as far as I
>> know, however, there are no syslog client NLMs--the easiest way I know
>> of to get conlog messages to a remote syslog box is to use Perl for NW.
>> There have been a couple of questions about how to monitor
>> Novell. I haven't found anything about syslog yet, but it
>> appears that Novell has SNMP capabilities. Check out:
>> http://lanweb.cit.buffalo.edu/doc/Online/inst-87.html
>> if SNMP is an option for you.
>> cheers -- tbird

Hi list,

I am new here, so I apologize should I repeat something already resolved... But the quotes above are precisely ALL I found in the entire archive of the list and in general... Searching elsewhere on the web, one doesn't get much more info... But I am now in the same situation of wanting/needing/having to collect also Novell logs...

I reached the following conclusions:

1) no syslog client available (that I am aware of)...

2) wanting to support applications, other than the OS, even when running a modern port such as Apache, it does not have syslog capabilities like its UX brother... Because Apache writes to the local syslog daemon, as far as I know, it doesn't let you tell it a remote box to log to, but just the facility, that's it... The documentation says:

"Using syslog instead of a filename enables logging via syslogd(8) if the system supports it. The default is to use syslog facility local7, but you can override this by using the syslog:facility syntax where facility can be one of the names usually documented in syslog(1). Example: ErrorLog syslog:user"

- and also in something written by tbird that I found around, she was suggesting this approach... Clean, but on Novell it is not an option, unfortunately.

3) someone said PERL: any help available, apart from just the language used... Code examples, or such? Does anybody know where to find them? Am I too lame, not being able to write them? Most likely. I apologize. These are the questions.

So far the only thing I found is NetIQ Security Manager / Microsoft Operations Manager. The product (as it is most likely known) is the same codebase. What changes are the "rules", grouped in "active knowledge modules"... That would be, simply speaking, the pre-made filters, processing, correlating and alerting rules (that are "physically" queries, stored procedures and scripts in MS SQL Server...).

The difference is that the Microsoft version is oriented more to system management/availability of applications (like all the possible error conditions of Exchange that ever existed, and this sort of thing to "detect" from the eventlogs...), while NetIQ has a "Security" version that focuses mainly on Windows Security, but they also added capabilities to read Firewall-1 and Cisco PIX logs and configurations, using the pre-existing syslog server embedded in the products. The feature has always been there - normally the product collects the logs using its own proprietary agent technology - but since the early versions (3.1x if I am not wrong), when the product was still produced by Mission Critical Software, the company that later merged into the new NetIQ, it was ALSO able to collect syslogs. The new product has unix management/auditing (limited), and it also alerts from ISS RealSecure. It is a cool "manager of managers".

NetIQ also produces additional sets of rules (based on its own "Security Manager") that you can install on the Microsoft counterpart (MOM). A couple of days ago I found that... they now have one of these "modules" for Novell, too! Freshly added.

But at the moment in which I am writing, the module for Novell (which, by the way, uses SNMP with some extension: Microsoft WBEM SNMP Provider) is ONLY available for MOM, and NOT for Security Manager. On the other side, the module for the Cisco PIX is ONLY available for Security Manager and NOT for MOM. It looks like it is something related to licensing issues.

So far, I still haven't managed to integrate Novell in my logging infrastructure... With all the rest, I mean! ;)

Any idea?

Best regards to everybody,
Daniele Muscetta
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 23:11:55 PST
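
The message above asks what a Perl syslog client for a host without one could look like. The following is an added example, not code from the original post or from any product named in it: it tails a local log file and forwards each new line to a remote collector as a BSD-syslog (RFC 3164) UDP datagram. It assumes a Perl build that provides IO::Socket::INET and Sys::Hostname; the file path and collector host come from the command line, and the tag `conlog`, the facility `local7` and the severity `notice` are illustrative choices.

```perl
#!/usr/bin/perl
# Added example: forward new lines of a local log file to a remote syslog box.
use strict;
use warnings;
use IO::Socket::INET;
use Sys::Hostname;

# Assumed inputs: the log file to follow and the collector's host name or IP.
my ($file, $collector) = @ARGV;
die "usage: $0 LOGFILE COLLECTOR_HOST\n" unless defined $collector;

my %facility = (user => 1, daemon => 3, local7 => 23);
my %severity = (err => 3, warning => 4, notice => 5, info => 6);
my @month    = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);

# Build one RFC 3164 packet: <PRI>Mmm dd hh:mm:ss host tag: text
sub syslog_packet {
    my ($fac, $sev, $host, $tag, $text) = @_;
    die "unknown facility or severity\n"
        unless exists $facility{$fac} && exists $severity{$sev};
    my $pri = $facility{$fac} * 8 + $severity{$sev};   # local7.notice => 189
    my @t   = localtime;
    my $ts  = sprintf '%s %2d %02d:%02d:%02d', $month[$t[4]], @t[3, 2, 1, 0];
    $text =~ s/[^\x20-\x7e]/ /g;   # drop control bytes so one line stays one record
    return substr("<$pri>$ts $host $tag: $text", 0, 1024);   # RFC 3164 size limit
}

my $sock = IO::Socket::INET->new(PeerAddr => $collector, PeerPort => 514,
                                 Proto    => 'udp')
    or die "cannot create UDP socket: $!\n";
open my $fh, '<', $file or die "cannot open $file: $!\n";
seek($fh, 0, 2);                        # start at end of file: only new lines
(my $host = hostname()) =~ s/\..*//;    # short host name, as RFC 3164 expects

for (;;) {
    while (my $line = <$fh>) {
        unless ($line =~ /\n\z/) {      # writer has not finished this line yet
            seek($fh, -length($line), 1);
            last;
        }
        $line =~ s/[\r\n]+\z//;
        next unless length $line;
        $sock->send(syslog_packet('local7', 'notice', $host, 'conlog', $line))
            or warn "send failed: $!\n";
    }
    sleep 2;
    seek($fh, 0, 1);                    # clear EOF so appended data is seen
}
```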