I've used BorderManager since the early days, and upon recently
upgrading to 3.9 I've been disappointed to discover that Novell has
removed rule hit checking from NWadmin. Because the new, experimental
ACLCHECK.NLM that is capable of logging rule hits to a text file also
abends our server, that means that I'm left with installing and
configuring auditing.

What I'd like to do is to have some way to access the audit logs like we
used to use NWadmin. What we would do would be to run rule hits in
NWadmin, then sort all of the users by the largest number of different
unique URL hits. We would start by scanning through the records of a
person who had, say, 1000 unique URL hits, and then work our way down
from there. From what I've been able to discern there is no longer a
utility that will allow us to look at our rule hits in this way.
Please tell me if I'm wrong.

So I need to figure out how to configure auditing. If there is no way
to sort and view the data as I described, then I guess I'm going to need
text files. I'm an amateur programmer and can write some simple
programs to take a text file and turn it into a form we can use. In our
scenario would there be any advantage to using a MySQL data store for
auditing, or should we just use a flat file?

Finally, a non-BorderManager question if I may... If I have to add MySQL
to the server would I just rerun the NetWare overlay installer and add
the MySQL product? Should this work smoothly, or would I have to worry
about something getting messed up? Thanks for any and all help.


- Jim Wagner

In article <tVqLk.3036$Fg1.1810@kovat.provo.novell.com>, Jim Wagner wrote:
> So I need to figure out how to configure auditing. If there is no way
> to sort and view the data as I described, then I guess I'm going to need
> text files. I'm an amateur programmer and can write some simple
> programs to take a text file and turn it into a form we can use. In our
> scenario would there be any advantage to using a MySQL data store for
> auditing, or should we just use a flat file?
>
Novell auditing is designed to log to a database, and thus you would use
some database query reporting tool to pull the data out. Pretty general
answer, I know, but ultimately you could end up with a very automated,
customized reporting tool doing exactly what you want with little to no
input. Getting to that point is obviously going to take some work, and I
think the bulk of the effort would be related to the database query
portion.

> Finally, a non-BorderManager question if I may... If I have to add MySQL
> to the server would I just rerun the NetWare overlay installer and add
> the MySQL product? Should this work smoothly, or would I have to worry
> about something getting messed up? Thanks for any and all help.

It should be quite easy to do as long as the overlay CD/DVD is at the same
service pack level as the server. You can do this most easily at the
server GUI, but you could also use remote deployment option to do it from a
PC. Note: you can mount an .ISO image as a volume on NW65sp3 (?) and
later, so you could skip burning an overlay disk if you wanted to.


Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

Craig Johnson wrote:
> Novell auditing is designed to log to a database, and thus you would use
> some database query reporting tool to pull the data out. Pretty general
> answer, I know, but ultimately you could end up with a very automated,
> customized reporting tool doing exactly what you want with little to no
> input. Getting to that point is obviously going to take some work, and I
> think the bulk of the effort would be related to the database query
> portion.

If only I had the skills to do it. As a technology coordinator in a
small school district I have to be a jack-of-all-technology-trades but
get little time to master any.

<rant>
Why in the world did Novell feel that it had to remove this
functionality from the final version of BorderManager? Couldn't they
have left it in for people who have used and depended on it for years?
Wouldn't it have been easier to leave it in than to take it out?
</rant>

It sounds like using MySQL as a data store wouldn't be of any advantage
because I would have to export to a text file anyway to manipulate the
data. All of this just to get back to something approximating the
functionality that we had.

> It should be quite easy to do as long as the overlay CD/DVD is at the same
> service pack level as the server. You can do this most easily at the
> server GUI, but you could also use remote deployment option to do it from a
> PC. Note: you can mount an .ISO image as a volume on NW65sp3 (?) and
> later, so you could skip burning an overlay disk if you wanted to.

Good to know for future reference. Thanks.



-J.W.

In article <rY%Lk.3652$Fg1.2696@kovat.provo.novell.com>, Jim Wagner
wrote:
> <rant>
> Why in the world did Novell feel that it had to remove this
> functionality from the final version of BorderManager? Couldn't they
> have left it in for people who have used and depended on it for years?
> Wouldn't it have been easier to leave it in than to take it out?
> </rant>
>
Probably because the only way the data was available to export from the
btrieve database was the function built into NWADMN32, and Novell decided
years ago to not put any more engineering effort into that utility. I
had hoped that Novell would have retained the ability to still record the
access rule logging in the same way as before, and then add a feature to
NRM to export the log data as before. After all, NRM already pulls data
out for the VPN audit log, so I would assume most of the code to pull
proxy or rules data is pretty much done.

Novell Audit has a number of advantages over the old style of logging to
btrieve, but quick and easy configuration isn't really one of them, in my
opinion.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***