Configuring event auditing using Novell iManager

You can configure event auditing for XDASv2 in Novell iManager.

Procedure

  1. Log in to your Novell iManager console user interface.
  2. From the navigation bar, click Roles and Tasks.
  3. In the left-hand navigation, click eDirectory Auditing > Audit Configuration.

    The Audit Configuration panel is displayed.

  4. In the NPC Server name field, type the name of your NPC Server.
  5. Click OK.

    The Audit Configuration for the NPC Server is displayed.

  6. Configure the following parameters:
    1. On the Components panel, select one or both of the following:

      DS - Select this check box to audit XDASv2 events for an eDirectory object.

      LDAP - Select this check box to audit XDASv2 events for a Lightweight Directory Access Protocol (LDAP) object.

  7. On the Log Event's Large Values panel, select one of the following:

    Log Large Values - Select this option to log events that are larger than 768 bytes.

    Don't Log Large Values - Select this option to log events less than 768 bytes. If a value exceeds 768 bytes, then the event is truncated.

  8. On the XDAS Events Configuration, select the check boxes of the events you want XDAS to capture and forward to IBM QRadar.
  9. Click Apply.
  10. On the XDAS tab, click XDASRoles.

    The XDAS Roles Configuration panel is displayed.

  11. Configure the following role parameters:
    1. Select a check box for each object class to support event collection.
  12. From the Available Attribute(s) list, select any attributes and click the arrow to add these to the Selected Attribute(s) list.
  13. Click OK after you have added the object attributes.
  14. Click Apply.
  15. On the XDAS tab, click XDASAccounts.

    The XDAS Accounts Configuration panel is displayed.

  16. Configure the following account parameters:
    1. From the Available Classes list, select any classes and click the arrow to add these to the Selected Attribute(s) list.
  17. Click OK after you have added the object attributes.
  18. Click Apply.

What to do next

You are now ready to add a log source in QRadar.