Home

Results 1 to 2 of 2

Thread: ActiveView - New Connection and Lost Connection permanently

Threaded View

  1. #1
    Join Date
    Jan 2010
    Location
    Argentina
    Posts
    18

    ActiveView - New Connection and Lost Connection permanently

    Hi all

    Post installation of eDirectory and IDM, we configured the audit of 2 new servers
    In the "ActiveView", view permanently "New Connection" and "Lost Connection".


    Environment
    • SLES 11 SP4
    • Directory 9.0.3.1
    • IDM 4.5.6
    • novell-AUDTedirinst-9.0.3-0
    • novell-AUDTplatformagent-2.0.2-80
  2. Sentinel 7.4.3.0_2805



  3. /etc/logevent.conf
    Code:
    LogHost=sentinel.etc.host
    LogEnginePort=1289
    #LogReconnectInterval=10
    LogReconnectInterval=60
    LogCacheDir=/var/opt/novell/naudit/cache
    LogCacheLimitAction=roll cache
    LogForceCaching=Y
    LogDebug=always
    LogMaxCacheSize=5120
    In nproduct.log
    Code:
    Thu Oct 19 12:11:17 2017 [PrepareCache]: New connection to LCache Process
    Thu Oct 19 12:11:17 2017 [Novell Audit Platform Agent]: Starting the new Lcache process...
    Thu Oct 19 12:11:17 2017 [Novell Audit Platform Agent]: Using default path [/opt/novell/naudit/lcache]
    Thu Oct 19 12:11:17 2017 [Novell Audit Platform Agent]: Launching the LCache process from [/opt/novell/naudit/lcache]
    Thu Oct 19 12:11:17 2017 [Novell Audit Cache]: Max Cache Size has been set to 10240 bytes (10 KB) from  5120l bytes.
    Thu Oct 19 12:11:17 2017 [Novell Audit Cache]: Cache Size has been set to [10240l] bytes.
    Thu Oct 19 12:11:17 2017 [Novell Audit Cache]: Log Cache Dir : /var/opt/novell/naudit/cache
    Thu Oct 19 12:11:17 2017 [Novell Audit Cache]: Going to backup the files at startup.
    Thu Oct 19 12:11:19 2017 [Novell Audit Platform Agent]: Re-connecting to LCache Process
    Thu Oct 19 12:11:19 2017 [PrepareCache]: Re-connecting to LCache Process
    Thu Oct 19 12:11:19 2017 [HandleConnection]: New connection on socket 35833
    Thu Oct 19 12:11:19 2017 [eDirectory Instrumentation]: Error 6 registering event 0.
    Thu Oct 19 12:11:19 2017 [eDirectory Instrumentation]: Error -1 registering event 6.
    Thu Oct 19 12:11:44 2017 [GetClientBytes]: Closing the connection. Count is [-1] and Exiting is [0]
    Thu Oct 19 12:11:44 2017 [PA-EndClientConnection]: About to close socket
    Thu Oct 19 12:11:44 2017 [Novell Audit Platform Agent]: LCache could not process event for the application DirXML. Reconnecting LCache Again.
    Thu Oct 19 12:11:44 2017 [PA]: ACK Failure for \Driver and connection closed
    Thu Oct 19 12:11:44 2017 [PA-EndClientConnection]: About to close socket
    Thu Oct 19 12:11:44 2017 [Novell Audit Platform Agent]: LCache could not process event for the application DirXML. Reconnecting LCache Again.
    Thu Oct 19 12:11:44 2017 [Novell Audit Platform Agent]: LCache could not process, Going to restart/connect again
    Thu Oct 19 12:11:44 2017 [PrepareCache]: New connection to LCache Process
    Thu Oct 19 12:11:44 2017 [HandleConnection]: New connection on socket 35945
    Thu Oct 19 12:16:17 2017 [MonitorHealth]: ClientList.size=2, UploadList.size=0 , close_wait=1, LastMinEPS=3
    Thu Oct 19 12:19:09 2017 [GetClientBytes]: Closing the connection. Count is [-1] and Exiting is [0]
    Thu Oct 19 12:19:09 2017 [PA-EndClientConnection]: About to close socket
    Thu Oct 19 12:19:09 2017 [Novell Audit Platform Agent]: LCache could not process event for the application DirXML. Reconnecting LCache Again.
    Thu Oct 19 12:19:09 2017 [PA]: ACK Failure for \dxevent and connection closed
    Thu Oct 19 12:19:09 2017 [PA-EndClientConnection]: About to close socket
    Thu Oct 19 12:19:09 2017 [Novell Audit Platform Agent]: LCache could not process event for the application DirXML. Reconnecting LCache Again.
    Thu Oct 19 12:19:09 2017 [Novell Audit Platform Agent]: LCache could not process, Going to restart/connect again
    Thu Oct 19 12:19:09 2017 [PrepareCache]: New connection to LCache Process
    Thu Oct 19 12:19:09 2017 [HandleConnection]: New connection on socket 36258
    Thu Oct 19 12:21:17 2017 [MonitorHealth]: ClientList.size=3, UploadList.size=2 , close_wait=0, LastMinEPS=3
    In server0.0.log
    Code:
    Thu Oct 19 12:52:18 ART 2017|INFO|eDirInst (/10.94.166.33:48154)|esecurity.ccs.comp.evtsrcmgt.connector.auditserver.AuditConnectorServer.alertNewConnection
    	Audit Server (ID D892E9F0-3CA7-102B-B598-005056C00005): Received new event source from machine 10.94.166.33:eDirInst
    Thu Oct 19 12:52:18 ART 2017|INFO|eDirInst (/10.94.166.33:48154)|esecurity.ccs.comp.audit.AuditLogger.execute
    	Audit High:: Action by the system via Sentinel service Server object Audit Connector method LostConnection client Unknown failed : A Novell application eDirInst from machine 10.94.166.33 has lost connection with the Audit Event Source Server: Audit Server (ID D892E9F0-3CA7-102B-B598-005056C00005).
    Thu Oct 19 12:52:20 ART 2017|INFO|eDirInst (/10.94.166.34:50209)|esecurity.ccs.comp.audit.AuditLogger.execute
    	Audit High:: Action by the system via Sentinel service Server object Audit Connector method NewConnection client Unknown failed : A new application eDirInst from machine 10.94.166.34 made a connection with the Audit Event Source Server: Audit Server (ID D892E9F0-3CA7-102B-B598-005056C00005).
    Thu Oct 19 12:52:20 ART 2017|INFO|eDirInst (/10.94.166.34:50209)|esecurity.ccs.comp.evtsrcmgt.connector.auditserver.AuditConnectorServer.alertNewConnection
    	Audit Server (ID D892E9F0-3CA7-102B-B598-005056C00005): Received new event source from machine 10.94.166.34:eDirInst
    Thu Oct 19 12:52:20 ART 2017|INFO|eDirInst (/10.94.166.34:50209)|esecurity.ccs.comp.audit.AuditLogger.execute
    	Audit High:: Action by the system via Sentinel service Server object Audit Connector method LostConnection client Unknown failed : A Novell application eDirInst from machine 10.94.166.34 has lost connection with the Audit Event Source Server: Audit Server (ID D892E9F0-3CA7-102B-B598-005056C00005).
    Thu Oct 19 12:52:20 ART 2017|INFO|eDirInst (/10.94.166.34:50210)|esecurity.ccs.comp.audit.AuditLogger.execute
    	Audit High:: Action by the system via Sentinel service Server object Audit Connector method NewConnection client Unknown failed : A new application eDirInst from machine 10.94.166.34 made a connection with the Audit Event Source Server: Audit Server (ID D892E9F0-3CA7-102B-B598-005056C00005).
    Thu Oct 19 12:52:20 ART 2017|INFO|eDirInst (/10.94.166.34:50210)|esecurity.ccs.comp.evtsrcmgt.connector.auditserver.AuditConnectorServer.alertNewConnection
    	Audit Server (ID D892E9F0-3CA7-102B-B598-005056C00005): Received new event source from machine 10.94.166.34:eDirInst
    Thu Oct 19 12:52:20 ART 2017|INFO|eDirInst (/10.94.166.34:50210)|esecurity.ccs.comp.audit.AuditLogger.execute
    	Audit High:: Action by the system via Sentinel service Server object Audit Connector method LostConnection client Unknown failed : A Novell application eDirInst from machine 10.94.166.34 has lost connection with the Audit Event Source Server: Audit Server (ID D892E9F0-3CA7-102B-B598-005056C00005).
    Thu Oct 19 12:52:24 ART 2017|INFO|TimerThreadPool pool|esecurity.ccs.comp.event.EventInsertErrorHandlerService$Reporter.reportDiff
    	Event cache /var/opt/novell/sentinel/data/events/triggerErrorBuffer average size over last 300 seconds is 0, 0 enqueues and 0 dequeues
    Thu Oct 19 12:52:24 ART 2017|INFO|TimerThreadPool pool|esecurity.ccs.comp.event.EventInsertErrorHandlerService$Reporter.reportDiff
    	Event cache /var/opt/novell/sentinel/data/events/triggerErrorBuffer average size over last 1,500 seconds is 0, 0 enqueues and 0 dequeues
    Thu Oct 19 12:52:28 ART 2017|INFO|eDirInst (/10.94.166.33:48155)|esecurity.ccs.comp.audit.AuditLogger.execute
    	Audit High:: Action by the system via Sentinel service Server object Audit Connector method NewConnection client Unknown failed : A new application eDirInst from machine 10.94.166.33 made a connection with the Audit Event Source Server: Audit Server (ID D892E9F0-3CA7-102B-B598-005056C00005).
    Thu Oct 19 12:52:28 ART 2017|INFO|eDirInst (/10.94.166.33:48155)|esecurity.ccs.comp.evtsrcmgt.connector.auditserver.AuditConnectorServer.alertNewConnection
    	Audit Server (ID D892E9F0-3CA7-102B-B598-005056C00005): Received new event source from machine 10.94.166.33:eDirInst
    Thu Oct 19 12:52:28 ART 2017|INFO|eDirInst (/10.94.166.33:48155)|esecurity.ccs.comp.audit.AuditLogger.execute
    	Audit High:: Action by the system via Sentinel service Server object Audit Connector method LostConnection client Unknown failed : A Novell application eDirInst from machine 10.94.166.33 has lost connection with the Audit Event Source Server: Audit Server (ID D892E9F0-3CA7-102B-B598-005056C00005).
    Thu Oct 19 12:52:28 ART 2017|INFO|eDirInst (/10.94.166.33:48156)|esecurity.ccs.comp.audit.AuditLogger.execute
    	Audit High:: Action by the system via Sentinel service Server object Audit Connector method NewConnection client Unknown failed : A new application eDirInst from machine 10.94.166.33 made a connection with the Audit Event Source Server: Audit Server (ID D892E9F0-3CA7-102B-B598-005056C00005).
    we are considering to downgrade Collectors and Connectors.

    Any ideas.
    Thanks
Attached Thumbnails Attached Thumbnails Click image for larger version. 

Name:	rsz_carr_sent_foro.png 
Views:	6 
Size:	59.4 KB 
ID:	5968  
Reply With Quote Reply With Quote

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •