2.3.3 Installing the Monitor-Package
This section shows how to install and configure the ACDI Driver Monitor package. This package saves processed data in third-party drivers.
Right-click the package catalog and select “Import package.”
The ACDI zip file contains a folder with the Audit Driver; open it.
You need the folder “Designer” and the next three packages for monitoring. Click Open and then OK.
The packages have been successfully imported.
Now add the appropriate package to each driver you want to monitor:
Right-click “Properties”
Choose “Packages” and add SKyPRO ACDI Monitor. Click OK and “Apply.”
Switching Auditing Mode to “Manual” lets you configure on which channel, publisher or subscriber, events are saved.
Here you can enter the driver’s name (for example, “ActiveDirectory1”). You will need it later to find data from this driver in the ACDI.
The program window also has a field for the list of events you would like to put in the ACDI,
and a field for the status level of events.
Click “Next”, then “Finish” and then “Apply”.
To send this data to OpenSearch in the ACDI, configure the type of connection to use:
Go to “Properties” in the driver set.
After that, go to the “GCVs” tab.
Now define how you want the data to be transmitted. There are three options available:
➢ The first one is “Put to ACDI Driver Cache”.
This means that all events will be processed by the driver whose DN you define in the ACDI driver option.
➢ The second is “Send directly to Elasticsearch and/or Logstash”.
These settings are similar to the settings in the ACDI driver. Here you define a path to your OpenSearch, the type of file, a user with credentials to write to OpenSearch, and a path to the KeyStore with the certificate and its password.
➢ The third option is to try sending the data to OpenSearch and, on timeout, put it in the ACDI Driver Cache.
After all settings are configured, deploy the attributes
and restart the driver.
5.1 Using Dashboards
The default dashboard in ACDI is the NetIQ Driver Dashboard, where you can audit and monitor all events that the driver processes.
This dashboard must be adjusted according to the name that is set in the appropriate driver.
“ActiveDirectory1” was used as a name for the monitor, so this name was set in the connected system.
To make all these visuals work, you will need to update the filter of each one of them:
Click “Edit”.
Then click “Edit visualization”.
Update the name of the connected system.
Replace it with the one you’ve defined in your driver monitor. Save the changes, then click “Save and return.”
5.2 Using Reporting System
The second way is the reporting system. Let’s use the NetIQ Audit Driver Events report.
Here, in the connected system, you will see the list of your driver monitors. You can select a channel as well as the status of events you want to see.
For instance, suppose you need to check all events with an “error” status for the Active Directory driver. Select the “error” status and the connected system “Active Directory,” then click “Run.”
Now you see that during the last seven days, there have been two and a half thousand events with errors. In the table you’ll find the name of your driver, object DN, status doc, which is the base XML with event that came to the driver,
You can find the final event doc here as well.
The event doc contains data about the reason for the error. Here you can see that a value was added to the internet email address, which caused the error “LDAP attribute or value exists.” This happened because in Active Directory the internet email address is single-valued, so more than one value cannot be added.
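The failure pattern described above can also be checked for directly in the event XML. The following is an added example, not part of ACDI or of the original guide; it assumes the event doc is an XDS-style `<modify>` command, and the names `SINGLE_VALUED`, `risky_adds` and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer a hardened parser

# Assumption: event-doc attribute names that map to single-valued attributes
# in the connected system (lower-cased). Extend for your own schema mapping.
SINGLE_VALUED = {"internet email address"}
DN = "CN=jdoe,OU=users,DC=example,DC=com"  # constructed sample DN

def _event(cls, attr, inner):
    """Build a constructed XDS-style <modify> event doc (not real ACDI output)."""
    return (f'<nds><input><modify class-name="{cls}" dest-dn="{DN}">'
            f'<modify-attr attr-name="{attr}">{inner}</modify-attr>'
            '</modify></input></nds>')

ADD = '<add-value><value>{}</value></add-value>'
SAMPLE_EVENTS = [
    # 0: bare add to an attribute that is single-valued in Active Directory
    _event("User", "Internet EMail Address", ADD.format("j.doe@example.com")),
    # 1: old value cleared before the add, so the add acts as a replace
    _event("User", "Internet EMail Address",
           "<remove-all-values/>" + ADD.format("j.doe@example.com")),
    # 2: add to a multi-valued attribute
    _event("Group", "Member", ADD.format(DN)),
]

def risky_adds(event_xml, single_valued=SINGLE_VALUED):
    """Return (dn, attribute, values) for each add to a single-valued attribute
    that is not preceded by a remove in the same <modify-attr>. Such an add
    fails if the target object already holds a value."""
    findings = []
    for modify in ET.fromstring(event_xml).iter("modify"):
        dn = modify.get("dest-dn") or modify.get("src-dn") or "?"
        for mod_attr in modify.iter("modify-attr"):
            name = mod_attr.get("attr-name", "")
            ops = [child.tag for child in mod_attr]
            if name.lower() not in single_valued or "add-value" not in ops:
                continue
            values = [v.text for v in mod_attr.findall("add-value/value")]
            before_add = ops[:ops.index("add-value")]
            cleared = any(op.startswith("remove-") for op in before_add)
            if not cleared or len(values) > 1:
                findings.append((dn, name, values))
    return findings

if __name__ == "__main__":
    for i, doc in enumerate(SAMPLE_EVENTS):
        print(i, risky_adds(doc))
```

Events flagged this way are candidates for a policy that removes the existing value before adding the new one.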
Should you have any questions or require any assistance, please do not hesitate to contact us at any time at swsupport.skypro@skypro.ch.