10-29-2008, 01:41 PM
#11
Guest
Re: Auditing not working
In article <wilkinwm.3i1v40@no-mx.forums.novell.com>, Wilkinwm wrote:
> Craig you seemed to skip over the Proxy NSure Audit initialization
> failed with Error code 9. This is on the Proxy Console Server screen.
>
I'm not sure yet what it means.
Have you tried loading LENGINE /d?
That should give a debug screen that may be helpful.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

10-30-2008, 06:19 PM
#13
Guest
Re: Auditing not working
wilkinwm wrote:
> Thanks Craig. I'll let you know what I see. //Bill
I've gone ahead and tried the lengine -d, and it doesn't give any sort
of troubleshooting information. It only tells how many events were
received, memory usage, uptime, etc.
On another note, I found a TID that says to be sure to load auditing
before STARTBRD. I thought surely this would clear up the error on the
BM status screen. It didn't. The error did change, though. Now it reads:
"Proxy Nsure Audit initialization failed with error code = 20"
This doesn't seem like progress. It sure would be nice to know what
those error codes mean.
-J.W.

10-31-2008, 09:56 AM
#14
Guest
Re: Auditing not working
In article <NxpOk.5826$Fg1.4069@kovat.provo.novell.com>, Jim Wagner wrote:
> This doesn't seem like progress. It sure would be nice to know what
> those error codes mean.
>
Agreed. I've done relatively little with it, other than to get
something set up in my lab to put a quick example in my book. I did
not find a list of error codes published. I asked Novell what that
error code means, but I've not gotten a response on it yet. I'll ask
again.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

10-31-2008, 04:21 PM
#15
Guest
Re: Auditing not working
Novell would like to know the following:
Can you check the following:
"HTTP Proxy logging on NsureAudit server
To enable HTTP Proxy logging on Nsure Audit Server, set the following configuration in the proxy.cfg file
[Nsure Audit]
Enable=1
EnableUserAgentLogging=1
EnableErrorMessageDisplay=1
Description of the above flags:
Enable=1: Enables the Nsure Audit logging
EnableUserAgentLogging=1: Logs the UserAgent information.
EnableErrorMessageDisplay=1: Displays Nsure Audit initialization error messages on the server console."
With EnableErrorMessageDisplay set to 1 does it return any other error
messages / number codes?
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

10-31-2008, 04:52 PM
#16
Guest
Auditing IS working - but incomplete
OK, I've found two secrets to making this work that I couldn't find in
the Novell documentation. First, as I mentioned before, STARTBRD must
follow the auditing startup commands in AUTOEXEC.NCF.
Second, RUNAUD.NCF is apparently useless. It does not put "Novell
BorderManager" in "Log Applications" in iManager as it's supposed to,
but I found a way to accomplish this anyway. In iManager, go to the
logging server object and choose the Log Applications tab. Check the
Applications container, then under Application Actions choose New. Give
it the name "Novell BorderManager" and import
sys:etc\proxy\naudit\bm_en.lsc. This made a world of difference. It
made NBM appear under log applications in iManager, got rid of the error
#20 on the BM status screen, and actually got log entries starting to
appear.
Now the problem is that I'm not getting enough information. Here's a
typical log entry:
astudent.Students.MS.AV -
http://facebook.com/beacon/beacon.j...urce=5987628055 - 0 - 26
This is better than nothing, but in the past with NWadmin I was also
able to get the date and time. I need this additional data when I put
together evidence records to give to our school administrators.
Looking at
http://www.novell.com/documentation...ta/botcqgd.html
it appears that we're getting only event ID 00040004 - rule hit logging.
It almost looks like if I want to get the date and time that I'll have
to somehow get event ID 00040001, which would probably trigger for every
proxy request, not just rule hits.
Any ideas, or do I need something that's just impossible with BM 3.9?
-J.W.

11-02-2008, 05:20 PM
#17
Guest
Re: Auditing IS working - but incomplete
In article <1mJOk.6123$Fg1.772@kovat.provo.novell.com>, Jim Wagner wrote:
> It almost looks like if I want to get the date and time that I'll have
> to somehow get event ID 00040001, which would probably trigger for every
> proxy request, not just rule hits.
>
Wouldn't you be getting this information already in the common logs?
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

11-02-2008, 05:20 PM
#18
Guest
Re: Auditing IS working - but incomplete
In article <1mJOk.6123$Fg1.772@kovat.provo.novell.com>, Jim Wagner wrote:
> Second, RUNAUD.NCF is apparently useless. It does not put "Novell
> BorderManager" in "Log Applications" in iManager as it's supposed to,
> but I found a way to accomplish this anyway. In iManager, go to the
> logging server object and choose the Log Applications tab. Check the
> Applications container, then under Application Actions choose New. Give
> it the name "Novell BorderManager" and import
> sys:etc\proxy\naudit\bm_en.lsc. This made a world of difference. It
> made NBM appear under log applications in iManager, got rid of the error
> #20 on the BM status screen, and actually got log entries starting to
> appear.
>
Great! Glad to hear this - I will make sure when I rev. my BMgr book that
I test this and get the information in.
As far as getting the date and time, why not go ahead and log everything to
Naudit?
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

11-03-2008, 08:19 PM
#19
Guest
Re: Auditing IS working - but incomplete
Craig Johnson wrote:
> As far as getting the date and time, why not go ahead and log everything to
> Naudit?
Unless I'm missing something the problem would be matching up two types
of audit records. One type only happens for rule hits and does not
include dates and times. On the other hand, the records with the dates
and times happen for all accesses (right?) and don't indicate whether a
rule was hit or not. Together the two types of records have all the
data that I need, but I can't think of a practical way to match them up.
Am I describing the situation accurately? If so it looks like it may be
impossible to get records of rule hits with user, URL, date, and time
from Naudit like we could in good ol' NWadmin. Hopefully I'm
overlooking something.
-J.W.

11-10-2008, 08:26 PM
#20
Guest
Re: Auditing IS working - but incomplete
In article <4yMPk.6753$Fg1.292@kovat.provo.novell.com>, Jim Wagner wrote:
> On the other hand, the records with the dates
> and times happen for all accesses (right?) and don't indicate whether a
> rule was hit or not. Together the two types of records have all the
> data that I need, but I can't think of a practical way to match them up.
>
> Am I describing the situation accurately? If so it looks like it may be
> impossible to get records of rule hits with user, URL, date, and time
> from Naudit like we could in good ol' NWadmin. Hopefully I'm
> overlooking something.
>
The old system logged rule hits as denied or allowed, gave user and URL
involved, as well as date. I have assumed the same data was logged in
naudit with rule logging (which shows how much I've used it...)
The common logs should have about the same data though - name, time, URL,
allow/deny. I use common logs a lot, but hardly used access rule logging.
I actually used access rule logging mostly to track particular users with
the idea that the logs were pretty easy to export into a comma-delimited
file and then pull into a spreadsheet for sorting.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***
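
The matching problem raised in posts #19 and #20 above, as an added example that is not part of the original thread or from any of its posters: it pairs rule-hit records (user and URL only) with access-log entries (which carry the time) and writes a comma-delimited file. Assumptions: the rule-hit layout follows the sample line in post #16, the access log is NCSA Common Log Format with the user name in the third field, both sources record the same URL string in chronological order, and all sample data is constructed.

```python
import csv, io, re
from collections import defaultdict, deque
# Constructed sample data. The rule-hit layout copies the thread's sample line
# ("user - URL - n - n"); the meaning of the two trailing numbers is not given.
RULE_HITS = """\
astudent.Students.MS.AV - http://example.test/games/play.swf - 0 - 26
bstudent.Students.MS.AV - http://example.test/chat - 0 - 26
astudent.Students.MS.AV - http://example.test/games/play.swf - 0 - 26
cstudent.Students.MS.AV - http://example.test/video - 0 - 26
"""
# Assumption: the access log is NCSA Common Log Format, user in the third field.
ACCESS_LOG = """\
10.0.0.5 - astudent.Students.MS.AV [31/Oct/2008:09:14:02 -0600] "GET http://example.test/games/play.swf HTTP/1.1" 403 512
10.0.0.7 - bstudent.Students.MS.AV [31/Oct/2008:09:15:40 -0600] "GET http://example.test/chat HTTP/1.1" 403 512
10.0.0.5 - astudent.Students.MS.AV [31/Oct/2008:09:20:11 -0600] "GET http://example.test/games/play.swf HTTP/1.1" 403 512
10.0.0.5 - astudent.Students.MS.AV [31/Oct/2008:09:21:00 -0600] "GET http://example.test/news HTTP/1.1" 200 2048
"""
CLF = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)$')

def parse_rule_hits(text):
    """Yield (user, url); split from the right so ' - ' inside a URL is kept."""
    for line in text.splitlines():
        parts = line.strip().rsplit(" - ", 2)
        if len(parts) == 3 and " - " in parts[0]:
            yield tuple(parts[0].split(" - ", 1))

def correlate(rule_text, access_text):
    """Give each rule hit the earliest unused access entry for the same user and
    URL. A hit with no matching entry keeps empty fields instead of a guess."""
    pending = defaultdict(deque)
    for line in access_text.splitlines():
        m = CLF.match(line.strip())
        if m:
            host, user, when, _method, url, status, _size = m.groups()
            pending[(user.lower(), url)].append((when, host, status))
    rows = []
    for user, url in parse_rule_hits(rule_text):
        queue = pending[(user.lower(), url)]
        when, host, status = queue.popleft() if queue else ("", "", "")
        rows.append(dict(user=user, url=url, time=when, client=host, status=status))
    return rows

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["user", "url", "time", "client", "status"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(correlate(RULE_HITS, ACCESS_LOG)))
```

Rows with an empty time column are rule hits that had no access-log counterpart and need manual review before they go into an evidence record.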