Doesn't look like anyone ever resolved this one. I am trying to set this up and am very new to LEM. I have all the xdas audit pieces set up on the NetIQ SuSE Linux server running eDirectory. I am reasonably certain those pieces are correct. I then added a node for my Linux server. After watching various how-to videos and searching the internet, I configured the LEM side the way I think it is supposed to be. What I have is a connector for eDirectory on the appliance with the log file set to /var/log/user. I also have an eDir connector on the node set to /var/opt/novell/eDirectory/log/xdas-events.log.
So far, I am not seeing any alerts in the Monitor view. However, if I SSH into the LEM box and run the checklogs command, I do see the contents of my xdas-events.log file in the [6]: User Log facility. So I know my information is getting to the LEM server. So, here goes for questions:
1. How is the log file location in the connector supposed to relate to the actual file location?
2. Is the log file location in the connector on the appliance supposed to be relating to a file location on the appliance? If so, what is the correct location for the User Log facility?
3. Is the log file location in the connector on the node supposed to be relating to a file location on the node? If not, then what should it be related to?
Looking for any assistance anyone can provide. I am fairly comfortable with the eDirectory/SuSE part of this, but brand new to LEM and did not have any prior experience with the Novell Sentinel product either.
THANKS,
Mel