I'm getting all of the eDirectory information now via syslog communication with a caching feature turned on each of our eDirectory servers in case communication gets interrupted for an extended period of time. I wanted to share what worked for us, in case someone else needs the guidance.
As a point of reference, we are on eDirectory 8.8 SP 8.
Used the following for guidance:
https://www.netiq.com/documentation/edir88/edirxdas_admin/data/bookinfo.html
On most of the servers I was dealing with I had to install the following:
novell-edirectory-xdasinstrument
novell-edirectory-xdaslog
novell-edirectory-xdaslog-conf
I also installed the novell-edirectory-log4cxx. I just used YaST2 as it was handy and quick.
I then went to the /etc/opt/novell/eDirectory/conf directory and used the xdasconfig.properties.template file to create my xdasconfig.properties file with the settings I wanted to use. Again, I chose syslog with caching. I had to create a data input on the Splunk server that matched the TCP port I set up in the xdasconfig.properties file. I had to log into our iManager, go to eDirectory Auditing then Audit Configuration, pick the server in eDirectory I was attempting to audit and choose the values I wanted in there. Then back under the /etc/opt/novell/eDirectory/conf folder there is another file that needed an additional setting. This is what I kept on missing.
You have to edit the ndsmodules.conf file and add xdasauditds to the list. I chose auto for the option as I want it to autoload anytime the server is restarted or the service is started. I then used this command (/etc/init.d/ndsd stop) to stop eDirectory, and then /etc/init.d/ndsd start to start it back up.
Information starts to flow into Splunk as expected then.
Hope this will help someone!
Aaron
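The step the post says was easy to miss, the xdasauditds entry in ndsmodules.conf, can be checked before restarting ndsd. The script below is an added example, not part of the original post and not NetIQ tooling; the function names are hypothetical and it assumes each ndsmodules.conf line has the form `<module> <auto|manual> [#comment]`.

```shell
#!/bin/sh
# Added example: report how xdasauditds is listed in ndsmodules.conf.
# Assumption: each line is "<module> <auto|manual> [#comment]".

# Prints one of: auto, manual, unknown, commented, absent, unreadable
xdas_module_state() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk '
        # Active entry: the first field is the module name itself
        $1 == "xdasauditds" {
            state = ($2 == "auto" || $2 == "manual") ? $2 : "unknown"
            active = 1
        }
        # Entry is present but commented out, so ndsd will ignore it
        /^[ \t]*#[ \t]*xdasauditds([ \t]|$)/ { commented = 1 }
        END {
            if (active) print state
            else if (commented) print "commented"
            else print "absent"
        }
    ' "$conf"
}

# Returns 0 only when the audit module will load whenever ndsd starts
check_xdas_autoload() {
    state=$(xdas_module_state "$1")
    case $state in
        auto)
            echo "OK: xdasauditds is set to auto"
            return 0 ;;
        manual)
            echo "WARN: xdasauditds is manual; no audit events after a restart until it is loaded"
            return 1 ;;
        *)
            echo "FAIL: xdasauditds entry is $state in $1"
            return 1 ;;
    esac
}

# Run against a file when one is given, for example the path from the post:
#   sh check_xdas.sh /etc/opt/novell/eDirectory/conf/ndsmodules.conf
if [ $# -gt 0 ]; then
    check_xdas_autoload "$1"
fi
```

A non-zero exit makes it usable as a gate in a deployment script, so a server is not restarted into a state where it silently sends no audit events to the collector.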