Hi,
I am trying to configure the internal Novell naudit engine to capture
events from Access Manager devices.
The events should be captured to SQL Server using a JDBC channel.

The channel itself seems to be working correctly (when I start the
naudit on the admin console service events from Nsure
Audit\Configuration are recorded to DB).
The problem is that no events are captured from LAG/IDS devices.

When I looked at nproduct.log on one of my LAG servers I can see the
following error:

Wed Jul 18 11:07:03 2012 [Novell Audit Platform Agent]: Ack Not
received - Going to end the connection
Wed Jul 18 11:07:03 2012 [Novell Audit Platform Agent]: This is from
EndClientConnection
Wed Jul 18 11:07:03 2012 [Novell Audit Platform Agent]: LCache could
not process event for the application Novell Access Manager.
Reconnecting LCache Again.
Wed Jul 18 11:07:03 2012 [Novell Audit Platform Agent]: ACK Failure for
nidp
Wed Jul 18 11:07:03 2012 [Novell Audit Platform Agent]: LCache could
not process, Going to restart/connect again
Wed Jul 18 11:12:03 2012 [Novell Audit Platform Agent]: Attempting to
re-establish connection to secure log server for application Novell
Access Manager.
Wed Jul 18 11:22:10 2012 [Novell Audit Platform Agent]: Attempting to
re-establish connection to secure log server for application Novell
Access Manager.
Wed Jul 18 11:32:16 2012 [Novell Audit Platform Agent]: Attempting to
re-establish connection to secure log server for application Novell
Access Manager.
Wed Jul 18 11:42:22 2012 [Novell Audit Platform Agent]: Attempting to
re-establish connection to secure log server for application Novell
Access Manager.
Wed Jul 18 11:52:41 2012 [Novell Audit Platform Agent]: Attempting to
re-establish connection to secure log server for application Novell
Access Manager.
Wed Jul 18 12:02:52 2012 [Novell Audit Platform Agent]: Attempting to
re-establish connection to secure log server for application Novell
Access Manager.
Wed Jul 18 12:13:01 2012 [Novell Audit Platform Agent]: Attempting to
re-establish connection to secure log server for application Novell
Access Manager.
Wed Jul 18 12:20:44 2012 [Novell Audit Platform Agent]: Using primary
Secure Log Server 10.8.6.24.
Wed Jul 18 12:20:44 2012 [Novell Audit Platform Agent]: Failing primary
connection for application Novell Access Manager.
Wed Jul 18 12:30:47 2012 [Novell Audit Platform Agent]: Attempting to
re-establish connection to secure log server for application Novell
Access Manager.
Wed Jul 18 12:32:36 2012 [Novell Audit Platform Agent]: This is from
EndClientConnection
Wed Jul 18 12:32:36 2012 [Novell Audit Platform Agent]: LCache could
not process event for the application Novell Access Manager.
Reconnecting LCache Again.
Wed Jul 18 12:32:36 2012 [Novell Audit Platform Agent]: Ack Not
received - Going to end the connection
Wed Jul 18 12:32:36 2012 [Novell Audit Platform Agent]: This is from
EndClientConnection
Wed Jul 18 12:32:36 2012 [Novell Audit Platform Agent]: LCache could
not process event for the application Novell Access Manager.
Reconnecting LCache Again.
Wed Jul 18 12:32:36 2012 [Novell Audit Platform Agent]: ACK Failure for
nidp\idff
Wed Jul 18 12:32:36 2012 [Novell Audit Platform Agent]: LCache could
not process, Going to restart/connect again
Wed Jul 18 12:40:50 2012 [Novell Audit Platform Agent]: Attempting to
re-establish connection to secure log server for application Novell
Access Manager.
Wed Jul 18 12:50:51 2012 [Novell Audit Platform Agent]: Attempting to
re-establish connection to secure log server for application Novell
Access Manager.
~

Now, the Access Manager devices (IDS/LAGs) and the admin console
server are on separate network segments.
Examining the traffic between the LAG and Admin Console server (using
tcpdump) on port 289 seems correct:

13:33:15.690237 IP (tos 0x0, ttl 64, id 47425, offset 0, flags [DF],
proto TCP (6), length 60) my.xxxx.co.il.41628 >
am-admin-01.xxxx.co.il.289: S, cksum 0x0898 (correct),
742979283:742979283(0) win 5840 <mss 1460,sackOK,timestamp 675630994
0,nop,wscale 6>
13:33:15.690795 IP (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto
TCP (6), length 40) am-admin-01.xxxx.co.il.289 > my.xxxx.co.il.41628: R,
cksum 0xff0d (correct), 0:0(0) ack 742979284 win 0


What could be the reason for that?

Thanks
Eyal


--
ayalon
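An added example, not part of the original post: a small Python parser for the two tcpdump lines quoted above that pairs each SYN with the packet answering it and reports whether the attempt was accepted, refused with a RST, or left unanswered. The sample input is the capture from the post unwrapped to one line per packet; the function names are this example's own.

```python
import re

# Constructed sample: the two packets from the post, one line per packet
# (older tcpdump -v format, where flags are printed as "S," / "R,").
CAPTURE = """\
13:33:15.690237 IP (tos 0x0, ttl 64, id 47425, offset 0, flags [DF], proto TCP (6), length 60) my.xxxx.co.il.41628 > am-admin-01.xxxx.co.il.289: S, cksum 0x0898 (correct), 742979283:742979283(0) win 5840 <mss 1460,sackOK,timestamp 675630994 0,nop,wscale 6>
13:33:15.690795 IP (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 40) am-admin-01.xxxx.co.il.289 > my.xxxx.co.il.41628: R, cksum 0xff0d (correct), 0:0(0) ack 742979284 win 0
"""

PKT = re.compile(
    r"ttl (?P<ttl>\d+),.*?\) "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFRPWE.]+), .*?(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

def parse(capture):
    """Turn tcpdump text into a list of dicts with numeric fields."""
    pkts = []
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        d = m.groupdict()
        for key in ("ttl", "sport", "dport", "seq"):
            d[key] = int(d[key])
        d["ack"] = int(d["ack"]) if d["ack"] else None
        pkts.append(d)
    return pkts

def classify_handshakes(pkts):
    """For every bare SYN, report how the peer answered it."""
    results = []
    for i, syn in enumerate(pkts):
        if syn["flags"] != "S" or syn["ack"] is not None:
            continue
        verdict = "no-reply"  # nothing came back: dropped or filtered
        for rep in pkts[i + 1:]:
            reverse = (rep["src"], rep["sport"], rep["dst"], rep["dport"]) == \
                      (syn["dst"], syn["dport"], syn["src"], syn["sport"])
            if reverse and rep["ack"] == syn["seq"] + 1:
                # RST answering a SYN: the attempt was actively refused, by the
                # target host (no listener) or by a device in the path.
                verdict = "refused" if "R" in rep["flags"] else "accepted"
                break
        results.append((syn["dst"], syn["dport"], verdict))
    return results

if __name__ == "__main__":
    for dst, port, verdict in classify_handshakes(parse(CAPTURE)):
        print(f"{dst}:{port} -> {verdict}")
```
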