Nsure Audit Essentials Rick Meredith Software Engineer Novell

Nsure™ Audit Essentials Rick Meredith Software Engineer Novell, Inc. Jaime Brimhall Software Engineer Novell, Inc.

The one Net vision 2 © March 9, 2004 Novell Inc.

The one Net vision 3 © March 9, 2004 Novell Inc.

Presentation Overview and Architecture Administration & Configuration • Platform Agent • Server Configuration • Queries • Reports Application Instrumentation • Frozen Bubble Instrumentation Verification • 4 © March 9, 2004 Novell Inc. Signing and Chaining Events.

Nsure Audit Overview & Architecture Secure Logging Server Application JMS Event Adapter C API TCP/IP (TLS) Filter Java API Monitoring Service Notification Service Platform Agent SMTP SNMP SYSLOG Storage Java CVR … Monitoring Applications Alerts/ Notifications Logging Service … Flat File Driver SQL Driver Report Generator [11: 58: 18] My. App IMAP Authentication: Valid login for account “FMSmith" from 137. 65. 47. 144 [11: 58: 18] My. App POP 3 Authentication: Valid login for account "pfeiffer" from 195. 224. 28. 4 Administrator 5 Oracle SQL Server My. SQL File System Crystal Reports

Administration & Configuration Miscellenous Utilities & Tools • Platform Agent Configuration Application i. Manager (web application) is used to: • Configure Secure Logging Server (SLS) • Run Queries • Create Reports LReport is used to: • • 6 © March 9, 2004 Novell Inc. Run Queries Create Report

Platform Agent Platform agent • • Sends the events to the Logging Server • Caches the event in case of communication failure • 7 Collects events from instrumented applications Optionally signs the events for validation © March 9, 2004 Novell Inc.

Platform Agent Configuration Tool 8 © March 9, 2004 Novell Inc.

Secure Logging Server (SLS) • • Logs events to file or database • 9 Receives the events from the platform agent Sends any relevant notifications © March 9, 2004 Novell Inc.

i. Manager Nsure Audit Plugin 10

LReport 11

Application Instrumentation Include the Log. Event header file and library in the application source code If desired, contact Novell Developer Services to obtain a registered application ID and certificate for your product Create a log schema configuration (LSC) file to describe the events that your application will send Call the desired Log. Event functions from the appropriate locations in the application code Create the necessary objects in e. Directory for the Secure Logging Server to recognize the new application 12 © March 9, 2004 Novell Inc.

Log Schema Configuration (LSC) file Defines the different events, used to translate text Can be used with auditext to automatically generate the Application Object #^Frozen Bubble Instrumentation^FBFB^FBubble. Inst^EN # #Event. ID, Description, Text 1 Title, Text 2 Title, Value 1 Type, Value 2 #Title, Value 2 Type, Group Title, Group Type, Data Title, Data Type, Display Schema FBFB, Frozen Bubble Instrumentation, , , , , FBFB 0001, Game Started, , , Start Time, , , FBFB 0002, Level Started, , , Level, , Timestamp, , , FBFB 0003, Level Completed, , , Level, , Timestamp, , , FBFB 0004, Level Completion Time, , , Level, , Total Time, , , FBFB 0005, Premature Exit, , , Level, , Timestamp, , , FBFB 0006, Died, , , Level, , Life Number, , , FBFB 0007, Game Ended, , , Level, , Timestamp, , , FBFB 0008, Final Score and Time, Username, , Level, , Total Time, , , 13 © March 9, 2004 Novell Inc.

Logevent Functions Log. Open – create the log handle, connect to the server Log. Event. Direct – send a log event with any of the available data fields Log. Close – close the log handle Log. Event. Text, Log. Event. Name. Value, Log. Event. Long, Log. Event. Raw are macros that log events with only certain types of data Unicode interface is also available 14 © March 9, 2004 Novell Inc.

Instrumentation of Frozen Bubble 15 © March 9, 2004 Novell Inc.

Verification (Signing & Chaining) 16 © March 9, 2004 Novell Inc.

General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc. , makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. , reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.