Trying to add workforceID to eDirectory Collector
I'm trying to add WorkforceID to the eDirectory collector.
I have Eclipse installed and working with the Senitnel SDK plug-in.
I have the edirectory collector imported and have been looking through
the various files to get some sort of understanding.
Could you give me some guidance as to where to start? I need to add
workforceID to the audit message that is sent to Sentinel and need to
know which files within the collector I need to make modifications to.
Also, which file do i need to modify to change the severity levels? I
need to make some changes to a few different collectors.
Thanks in advance.
brembold
brembold's Profile: http://forums.novell.com/member.php?userid=4186
View this thread: http://forums.novell.com/showthread.php?t=417817
Thanks for the feedback... I'll point the customer in the direction of
the CMP as that is a can of worms i'm not interested in opening.
Also good feedback on the severity level, they just wanted to see
different levels of severity for different events for their own internal
purposes...
DCorlette;2008652 Wrote:
> Hi brembold,
>
> OK, well this is a lot more complicated then I think you realize.
>
> First off, let's be clear: modification of the existing eDirectory
> Collector is NOT SUPPORTED and will likely break things. There is an
> approved, controlled process used to modify existing shipping Collectors
> which is documented on the SDK website:
> 'Custom Execution Mode - Developer Community'
> (http://developer.novell.com/wiki/ind...Execution_Mode)
>
> In essence, the idea is that you add (not replace) files to the
> Collector, and extend existing maps and methods as needed to change the
> Collector's behavior. On the other hand, you will probably need to walk
> through the existing Collector code to understand how it works, as you
> may need to manipulate internal variables and so forth that you won't
> know about unless you browse through the existing Collector code (and
> maybe debug it, too).
>
> OK, that said, let's look at your two issues:
>
> 1) Add workforce ID to eDir events. At first blush, this isn't
> actually possible because eDir doesn't report workforce ID with every
> event. I am assuming here that you mean that each employee in the
> enterprise is assigned a workforce ID, and you want to be able to always
> have that as part of any events that are initiated by that employee.
> Correct?
> This won't happen simply be editing the Collector; there's a whole
> contextual state that the Collector does not have access to. On the
> other hand, the entire purpose in life of the Compliance Management
> Platform that we sell is to allow you to inject exactly that contextual
> state into eDirectory event data, and in the CMP workforceID is most
> decidedly supported. But, since we spent 9 months with 10 people or so
> developing that solution, you're not likely to be able to replicate its
> functionality on your own.
> If you want to try, however, what I'd suggest is perhaps using a
> correlation rule to automatically create a map when a workforce ID is
> assigned to a user DN, and then using the Mapping Service to apply that
> map when it sees that DN of future input. You can pre-create the map for
> any pre-existing accounts, since otherwise Sentinel will never know
> their workforce IDs. Note that none of this requires touching the
> Collector.
>
> 2) Modifying the Severity: Before we get into the HOW, let's discuss
> the WHY: in Sentinel, the Severity field is defined as a mapping from
> the original event source's assigned severity, log level, or whatever to
> Sentinel's 0-5 Severity levels. For many devices, this is fixed and
> shouldn't be changed, so for example the standard syslog severity levels
> (7-0, with 0 as most critical) are mapped to Sentinel's 0-5, with 5 as
> the most critical. Changing this for a Collector or even specific events
> could potentially break downstream content, and should not be undertaken
> by the faint of heart. Of course, there are also cases where the event
> source does NOT assign a severity, and we are forced to invent them
> based on say the type of event and other "key values" in the event.
>
> Now, there are certainly cases where people want to change the
> "Severity", but in my experience these boil down into three categories:
>
> 1) They disagree with the severity assigned by the original event
> source vendor. So for example they think that a "user add" event that
> fails in LDAP should have an elevated severity, and the vendor, for
> whatever reason, didn't do so. The only recourse in this case is really
> to go complain to the vendor, as we have no control over what they
> produce. We could certainly override their settings, but then if they
> went and corrected their side...
>
> 2) They disagree with the mappings that we provide by default in our
> Collector, either the standard level-to-level mappings or, if not
> available, the mapping we've assigned to some specific event. In this
> case, feel free to suggest an enhancement or even a bugfix to the
> specific Collector via Novell's bugzilla, as this is important feedback
> we want to hear.
>
> 3) They really aren't looking for Severity, they're trying to calculate
> a "risk rating" and, for their specific enterprise, there are certain
> events that they can define as higher or lower risk than the normal
> severity assignments. In some cases the customer just isn't interested
> in, say, modification of certain attributes, or something like that. In
> other cases the customer wants to lower the risk rating based on what
> type of asset (server vs. desktop) that the event is coming from. In any
> case, the point is that the narrowly defined "Severity" field is not
> really the place to do this; what you really want to do is create a map
> that combines Severity with some other set of fields (maybe ObserverIP,
> and create a list of critical assets) and then populates some custom
> field with your internal risk rating.
>
> Now, if you want to just ignore what I said above and really do want to
> change the standard assigned severities, you can in some cases look for
> a file like 'severity.map' in the Collector, and if found, duplicate the
> format and assign your own severities, import that file into the
> Collector, then import a custom.js file that, in the initialize()
> method, uses the KeyMap.extend() method to read in your new file and
> extend/replace the existing mappings.
>
> Hope this helps, and if you'd like more assistance please follow up.
brembold
brembold's Profile: http://forums.novell.com/member.php?userid=4186
View this thread: http://forums.novell.com/showthread.php?t=417817
Similar Messages
-
I'm trying to add a playlist manually to my iPhone 4. It won't let me because it's trying to delete all of the music currently on my iPhone. Is there any way to prevent this from happening in order to start manually updating it?
Are you leaving the box unchecked to Manually manage music & videos? You don't need to to add anything to the iPhone.
Simply drag the playlist to the iPhone to manually add it. -
I am trying to add music on my Iphone 4S without deleting my current music list
I am trying to add music on my Iphone 4S without deleting my current music list
See this user tip: Recovering your iTunes library from your iPod or iOS device.
tt2 -
I have garage band ver 10.0.2 and am trying to add effects to an audio track but i have no info button or track info under the track tab. How do i get these things to show up on my program?
In GarageBand 10.0.2 you can no longer add all kinds of effects freely; this GarageBand '11 feature has been discontinued. Pick one of the predefined patches that already has the effects you want.
However, you can add effects from the predefined audio units.
You'll see the predefined effects on the track, when you open the Smart Controls. To add audio units, click the button and enlarge the the smart controls pane by dragging the dividing line to the Track Area upwards. -
What do I need to do to get my music from my itunes library onto my phone? I originally added music from a diffnerent itues account, and now that I am trying to add from my own it will not transfer...however, in the bar on the bottom of itunes it shows that it is on my phone...but it does not display anywhere else and I cannot find it in my phone. Do I need to connect to the original itunes account and delete that music in order for my library to show?
As you connect your ipod to iTunes, an option in the upper right of the screen will appear. When you click this, it will show the different menu for your ipod.
-
I am trying to add my work email to my Iphone 3 and can't get it added....any ideas??
I am trying to add a second email/work email to my iphone and can't get it added...anyone have any ideas?
Talk to your IT department and make sure you have the correct settings.
-
I get error message when trying to add key tags
I get error message when trying to add key tags
You should always backup your iPad before ever doing anything major that coould result in a catastrophic loss is something goes wrong. You can then usually restore from the backup when your iPad has recovered.
You should also be sure to have transfered any new purchases directly to your iPad to the iTunes app on your computer on a regular basis. -
My camera can be set to record as motion JPEG or light AVCHD. It was set for AVCHD. Could that be affecting it? If so, can you think of any way I can load these. I am trying to add them to an IMovie I started from a different source.
Stevomacrocket wrote:
I had this problem.
The answer is to close iphoto (you might have to force quit iphoto if it starts automatically when you connect the camera or insert the SD card) and open imovie.
Imovie then presents an import page which easily imports the video into imovie.
It is a real bad idea to "force Quit" iPhoto - if it has any update activity going on that you interrupt you can corrupt your library an close data or even photos - Force quit should ONLY be used in an emergency where there is no other alternative and you are positive that nothing is going on in iPhoto
LN -
I guess it has been a year since I last purchased something on I-tunes and my account is saying that they couldn't authorize my card for some of my purchases. I am trying to add a new credit card to clear this up and it keeps saying that I have to enter a valid security code. I have tried 2 different cards and I get the same thing. I have also added an I-tunes gift card and that isn't clearing up the money that I owe. It is showing that I have a $25 credit for that. How do I fix this, I have been trying for days and all I have got from the e-mail tech support is that its my credit card issuer that is causing the problem. Thats not correct because one of the credit cards that I am trying to use, is a prepaid Visa gift card. I know that these work on I-tunes because I have used them before in the past. I am getting very frustrated with this whole process, I just want to clear up my account and buy some new music!! HELP!!
You probably ran into blocks & locks.
iTunes Store Support
http://www.apple.com/emea/support/itunes/contact.html
They'll sort it out. -
I am trying to add a game to my sons I touch pad. It is a free game. It asks for verification of password and credit card info. Every time, it tells me that my time has expired. Help.
It asked me that too.Don't worry and just put it in. Itunes doesn't charge unless your son buys something. The password happens to me all the time. Credit card was only once. Just make sure your son knows not to buy anything without permission so he doesn't accidently charge you something.
-
I have been trying to add my iPhoto Library to files for time machine backup.
I was instructed to click on the Options minus button - but it is greyed out and not functional.
What is the solution ?
Your help will be much appreciated.
Thank you.
Roberto KayYou can "see" the iPhoto library in Time Machine backups, but you cannot "open" the library or "browse" the contents while you are in Time Machine.
Apple makes you restore the entire iPhoto library to another destination...like your desktop....if you want to retrieve a few older images that you may have deleted by mistake.
This is a convoluted mess, but unfortunately, that is the way it is.
See Pondini's excellent, detailed information on this:
http://pondini.org/TM/15.html
You might also want to post in the iPhoto support area to see if the experts over there might have a workaround for you. I cannot find one, but I'm not an iPhoto expert.
iPhoto -
QtCreator hangs while trying to add files to a project
Hi everyone.
When I'm trying to add existing files to my current project (or even create new project) a file manager window appears to choose a file/folder. No matter what I do (ok, cancel, etc) this window won't close, and it also hangs the whole qtcreator.
What's wrong with it?
qtcreator 3.3.0-1
DE - cinnamon 2.4.6-1
Thanks in advance.
Last edited by mkdy (2015-01-28 19:03:32)Downgraded following packages to older versions:
qt5-base-5.3.2-2-x86_64.pkg.tar.xz
qt5-declarative-5.3.2-2-x86_64.pkg.tar.xz
qt5-quick1-5.3.2-2-x86_64.pkg.tar.xz
qt5-quickcontrols-5.3.2-2-x86_64.pkg.tar.xz
qt5-script-5.3.2-2-x86_64.pkg.tar.xz
qt5-sensors-5.3.2-2-x86_64.pkg.tar.xz
qt5-tools-5.3.2-2-x86_64.pkg.tar.xz
qt5-translations-5.3.2-2-x86_64.pkg.tar.xz
qt5-webkit-5.3.2-2-x86_64.pkg.tar.xz
qtcreator-3.2.2-1-x86_64.pkg.tar.xz
Works fine now. -
I was trying to add an itunes library to my computer, and now my itunes library can not be found. An ipod can be synced with only one iTunes library at a time. How can I find my Itunes library, complete with playlists ?
I have the same problem too and tried alot of things like time zone , restarting or changing DNS of wifi connection to 8.8.8.8 still nothing happens .. !!
iPhone 5s, iOS 8.3 -
I have four devices on one Apple ID, i have seperate emails and phone numbers for each device but when I tried to add one to my iPod, it said that the email was already in use. I have tried many things and the only guess I have is that either someone else has this email as their iMessage but is fake or it wasn't taken off my old iPod when I reset it. Any ideas on what to do?
Thanks but that doesn't give me the information I need. I am putting an email on my ipod for people to contact me for iMessage and FaceTime but when I put the email in, it gives me an error saying that the email cannot be veirified because it is already in use. My Apple ID can be varified, just not the email that they will contact me with.
-
I am trying to add my sons email address to our family apple id but it says that it already associated with another apple id. How can i find out what the apple id is and take his email address off that one?
You may be able to find your Apple ID at Look up your old and forgotten Apple ID
Maybe you are looking for
-
Help needed in Print List Archiving
Hi Experts, I have archiuved the Print or Spool List and I am able to see that in the OADR Transaction. While tring to open document from storage I am getting this error : <b>"Error calling application via OLE ALVIEWER.APP"</b>. What is the cause of
-
Date Deviates from permissible range [Purchase Order - Value Date]
hello all, i want to add a Purchase Order (Services) Posting date 05/07/2008 and Delivery Date is 09/30/2008, it prompts me the Error "Date Deviates from permissible range [Purchase Order - Value Date]", now this is my question. what is the date rang
-
In Planning you have the option to select Alias or MemberName for the Page\Point of View Dimensions. If you have more than one Alias how can you specify which alias for the forms to use ?
-
Pantone Color sticks, which one should I invest in?
Hi all, I'm about to purchase my first PANTONE color matching library/sticks. I work in both the digital and print spaces and apart from that my only other requirement is to be able to know what printed metalic colors are etc. If someone could someon
-
Hi, i've created excise invoice in j1is tcode Using which standard tcode i can take printout of excise invoice created in J1IS i checked J1IP But here excise invoice created in J1IS is not coming. Pl suggest