Accenture MDR Quick Start Guide for Microfocus NetIQ Access Manager
This quick start guide will help Accenture MDR customers configure Microfocus NetIQ Access Manager to send logs to the Log collection Platform (LCP).
This document includes the following topics:
Supported Versions
A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found in Accenture MDR Portal.
Port Requirements
Table 1-1: Port requirements for LCP communication.
Source | Destination | Port | Description |
Microfocus NetIQ Access Manager | LCP | 6514 (Secure_TCP) or 514 (UDP) | Default port  |
Prerequisites:
Enable the audit logging individually for each component from Administration Console, prior to device configuration.
Configuring Microfocus NetIQ Access Manager
Enabling Identity Server Audit Events :
Login to Administration Console.
Navigate to Devices > Identity Server > Servers > Edit > Auditing and Logging.
In the Audit Logging section, select Enabled.
Select All - Select this option to audit all events
Click Apply > OK.
Click Servers > Update Servers.
Enabling Access Gateway Audit Events :
Login to Administration Console.
Navigate to Devices > Access Gateways > Edit > Auditing.
Select All - Select this option to audit all events.
Click OK > OK.
On the Access Gateways page, click Update.
Setting Up Logging Server [Administration Console]
Login to Admin Console.
Click Auditing.
Specify the following details :
Field | Description |
---|---|
Audit Messages Using | Syslog: Audit events are sent to the audit server. Note : Log File option is Not Recommended For Production. Please DO NOT select |
Stop Service on Audit Server Failure | Blank |
Server Listening Address | <LCP IP Address> |
Port | Specify the port that syslog uses to connect to the Secure Logging Server. UDP - 514 TLS - 6514 |
Format | CSV format. |
Management Console Audit Events | Select All: Selects all audit events. Note : “Select All“ if you want to enable and forward all audit events. |
Â
If syslog is selected for auditing, perform the following configuration :
In nam.conf ,change the SYSLOG_DAEMON value to rsyslog. This changes the default syslog daemon to rsyslog.
2.Edit the Auditlogging.cfg file and set both SERVERIP and SERVERPORT macros as empty.
LOGDEST=syslog
FORMAT=JSON
SERVERIP=
SERVERPORT=
Configure UDP :
3.Configure the nam.conf file :
#$ModLoad imtcp # load TCP listener
$InputTCPServerRun 1290
$template ForwardFormat,"<%PRI%>%TIMESTAMP:::date-rfc3164% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\n"
$ModLoad imudp
local0.* @LCPIP:514;ForwardFormat
Audit logs are being forwarded to the remote server LCPIP and port 514 using UDP
Configure TLS :
Pre-requisite : Each instance of Identity Server, Access Gateway, and Administration Console must have private key, public key certificate, root CA certificate, and CA certificate of the remote Syslog server.
3.Configure the nam.conf file :
Audit logs are being forwarded to the remote server LCPIP and port 6514 using TLS.
4.Restart the rsyslog service.
LCP Configuration Parameters
Table 1-2: The Microfocus NetIQ Access Manager event collector (Syslog -3987) properties to be configured by Accenture are given in the table.
Property | Default value | Description |
Protocol | SECURE TCP | The collector can accept Microfocus NetIQ Access Manager logs in Secure TCP protocol. The collector can also accept logs in UDP. |
Port Number | 6514 | The default port for Secure TCP. For UDP, the default port is 514. |
IP Address | Microfocus NetIQ Access Manager Interface IP Address | Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ). Note: If the device sends logs using multiple interfaces, contact your onboarding team. |
Signatures | AccessManager,"Novell Access Manager" | MDR recommended signatures processed by the Microfocus NetIQ Access Manager event collector. |
Â
Legal Notice
Copyright © 2021 Accenture. All rights reserved.
Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.