Help banner

Configuring Multiple Logging Servers

You might consider configuring multiple Secure Logging Servers if your situation meets one of the following scenarios:

Each scenario requires a different setup, which is described below.

 

Scenario 1: Large eDirectory Tree

All logging servers typically read their configuration information regarding channels and notifications from the Channels.Logging Services and Notifications.Logging Services containers. Each server that uses the default configuration uses those containers and loads the channels located within them. If all of the logging servers read the same channels, then they also send data to the same database, which might mean sending data across the WAN.

If you do not want data sent across a WAN and you have an extremely large eDirectory tree, you can install multiple logging servers and create unique channel and notification containers for each logging server.

To configure a logging server to use its own channel container:

  1. In iManager, click Roles and Tasks > eDirectory Administration > Create Object > Novell Audit Channel Container > OK.

  2. On the Create Novell Audit Channel Container page, specify a channel name and context, then click OK.

    For the context, browse to and select the appropriate Logging Server object in the tree.

  3. In Roles and Tasks, click Auditing and Logging > Logging Server Options; browse to and select the Logging Server object, then click OK.

  4. Click the Channels tab or select Channels from the drop-down menu, depending on your browser.

  5. Click Container Actions > Add Container.

  6. On the Object Selector page, browse to the new container created in the logging server container.

  7. To remove the original Channel container from the logging server configuration: in the Channels page, select the Channels box, then click Container Actions > Remove Container.

  8. Repeat these steps for each logging server.

 

To configure a logging server to use its own notification container:

  1. In iManager, click Roles and Tasks > eDirectory Administration > Create Object > Novell Audit Notification Container > OK.

  2. On the Create Novell Audit Notification Container page, specify a notification name and context, then click OK.

    For the context, browse to and select the appropriate Logging Server object in the tree.

  3. In Roles and Tasks, click Auditing and Logging > Logging Server Options; browse to and select the Logging Server object, then click OK.

  4. Click the Notifications tab or select Notifications from the drop-down menu, depending on your browser.

  5. Click Container Actions > Add Container.

  6. On the Object Selector page, browse to the new container created in the logging server container.

  7. To remove the original Notifications container from the logging server configuration, in the Notifications page, select the Notifications box, then click Container Actions > Remove Container.

  8. Repeat these steps for each logging server.

 

Scenario 2: Redundancy

In the case of a server crash, you might want the Platform Agents to shut down and start logging to another log server for redundancy. In this scenario, each logging server should contain identical information about which database to send data to. (This is the default configuration, so the logging servers are automatically configured to do this.)

To configure the Platform Agents to connect to multiple logging servers in a failover manner, you need to make a minor change to logevent.conf or logevent.cfg, depending on the platform. In the LogHost entry, add multiple logging servers, separated with commas. For example, LogHost=192.168.0.1,192.168.0.3,192.168.0.4.

The Platform Agents connect to the servers in the order specified in this configuration file. If the first logging server goes down, the Platform Agent tries to connect to the second logging server, and so on. For a failover configuration, you should also consider running the database server on a machine separate from any of the logging servers.

The logevent configuration files can also be modified for load balancing. A Novell® Audit logging server can process about 3000 events to a database using native technologies. The databases themselves are capable of processing much more data than that. If you use multiple logging servers with the same configuration, all logging servers log to the same location and process the same notification list. With this setup, the logging servers can log much more data to the data store as a group.

To set up load balancing, modify the LogHost entry in the logevent.conf or logevent.cfg for each Platform Agent. For example, one Platform Agent sends data to 192.168.0.1, and another Platform Agent sends data to 192.168.0.3.

 

Scenario 3: Combination of Large eDirectory Tree and Redundancy

If you have a large eDirectory tree and you want to set up redundancy, complete the following steps:

  1. Identify the logging servers that should be grouped together and send data to the same location.

  2. For each group, create a Channel container in the Logging Services container.

    Name the container with an identifier for the group, such as Group1 Channels. For information on creating a Channel container, see Scenario 1 above.

  3. Add the Secure Logging Servers in the group to the Trustees List for the Channel container.

    Each Secure Logging Server needs Read and Compare rights for the Channel container and its contents. For more information about assigning rights to a Secure Logging Server, see the Novell Audit Administration Guide.

  4. For each logging server in a group, add the group_name Channel container to the logging server channel configuration, then remove the original Channel.Logging Services container object from the logging server configuration.

    For more information on removing a Channel container, see Scenario 1 above.

  5. Repeat Steps 1-4 for each group of logging servers.

  6. Modify the LogHost entry in the logevent.conf or logevent.cfg for each Platform Agent by adding the IP addresses of the logging servers in the group to the LogHost entry.

    With this modification, the Platform Agents log specifically to the group of logging servers that they are a member of, regardless of the status of the servers. For more information, see Scenario 2 above.

Related Topics

Configuring the Secure Logging Server

Novell Audit Help

A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.

Close