Blue Lance

Bluelance 2.0
Get a demo
View Categories

Modifying Receiver Settings in LT Auditor ᴹᴾ

5 min read

Before configuring your eDirectory or OES NSS servers to forward audit logs, confirm that LT Auditor MP is correctly configured to receive them. The receiver settings define the IP address, port, and protocol that LT Auditor MP listens on for incoming syslog streams from your OpenText systems. This article covers how to review and update these settings in the LT Auditor MP console.

Understanding receiver settings:

LT Auditor MP uses Transformation Rules to define how incoming syslog data is received and processed. Each transformation rule specifies:

  • The IP address the LT Auditor MP server listens on for incoming connections
  • The port number the rule listens on
  • The communication protocol — UDP, TCP, or TLS
  • How the incoming log data is parsed and normalized into structured audit records

Two transformation rules are pre-configured for eDirectory and NSS auditing:

RuleDefault PortSource
eDirectory Transformation Rule5014OpenText eDirectory CEF audit logs
NSS Transformation Rule5015OpenText OES NSS file activity logs

If these default ports conflict with other services in your environment, they can be changed in the transformation rule configuration.

Accessing transformation rules:

  1. Log in to the LT Auditor MP Web UI
  2. Navigate to Configure in the main navigation menu
  3. Locate the relevant transformation rule in the list:
    • The eDirectory rule (default port 5014)
    • The NSS rule (default port 5015)
  4. Click the three vertical action buttons to the right of the rule
  5. Select Edit to open the transformation rule configuration window

Reviewing and updating receiver settings:

Once the transformation rule configuration window is open:

  1. Navigate to the Settings tab
  2. Review and update the following fields as needed:

IP Address: The network interface on the LT Auditor MP server that will listen for incoming syslog connections from your OpenText systems.

ValueDescription
0.0.0.0Listen on all available network interfaces
Specific IPListen only on the specified network interface

Use a specific IP address if your LT Auditor MP server has multiple network interfaces and you want to restrict syslog reception to a specific one. Use 0.0.0.0 to accept connections on any interface.

Port Number: The port the transformation rule listens on for incoming syslog data.

RuleDefault Port
eDirectory5014
NSS5015

If you change the default port, ensure the new port is:

  • Not already in use by another service on the LT Auditor MP server
  • Open in your firewall between the OpenText servers and the LT Auditor MP server
  • Updated in the syslog forwarding configuration on your eDirectory and OES servers to match

Communication Protocol: The transport protocol used for the syslog connection between your OpenText servers and LT Auditor MP.

ProtocolDescriptionRecommended Use
UDPFast, connectionless — no delivery guaranteeLower security requirement environments
TCPReliable, connection-oriented deliveryProduction environments — recommended
TLSEncrypted TCP — secure transportProduction environments with strict security requirements

TLS configuration (if TLS is selected):

If TLS is selected as the protocol, additional settings are required:

SettingDescription
CA Certificate PathPath to the Certificate Authority certificate used to validate client certificates
Enable Mutual TLSRequire the connecting OpenText server to present a client certificate
Verify Server CertificateValidate the server certificate presented by the connecting system
Server NameThe SNI hostname used for certificate validation

[Your administrator should coordinate with your PKI or security team to obtain the appropriate certificates before enabling TLS.]

  1. Click Save to apply your changes

Changes to transformation rule settings take effect immediately. If eDirectory or NSS servers are already forwarding logs to LT Auditor MP, updating the port or protocol will interrupt collection until the syslog forwarding configuration on those servers is updated to match.

Confirming the firewall allows the configured ports:

After reviewing or updating the transformation rule settings, confirm that your firewall allows inbound traffic on the configured ports from your OpenText servers to the LT Auditor MP server.

Test connectivity from an OES server to the LT Auditor MP server:

nc -zv <LT_AuditorMP_Host> <Port>

A successful response confirms the port is open and reachable. If the connection fails, review your firewall rules to ensure the required port is permitted.

[Your administrator should document the configured ports and protocols for both the eDirectory and NSS transformation rules so that OpenText system administrators can configure syslog forwarding to match.]

Duplicating transformation rules:

If your environment has multiple eDirectory servers or OES NSS servers that require different port assignments or protocol configurations, you can duplicate an existing transformation rule and modify the copy:

  1. In the Configure page, locate the transformation rule to duplicate
  2. Click the three vertical action buttons
  3. Select Duplicate
  4. Edit the duplicated rule with the new port or protocol settings
  5. Click Save

This allows you to maintain separate receiver configurations for different OpenText systems in your environment.

Viewing transformation rule history:

LT Auditor MP maintains a version history of transformation rule configurations:

  1. Open the transformation rule
  2. Click View History
  3. Review previous versions with timestamps
  4. Revert to a previous version if needed

This is useful if a recent configuration change has caused collection issues and you need to restore a previously working configuration.

Best practices:

  • Review transformation rule settings before configuring syslog forwarding on your OpenText systems — the port and protocol must match on both ends
  • Use TCP or TLS rather than UDP in production environments for reliable log delivery
  • Document the configured ports and protocols for all transformation rules and share them with your OpenText system administrator
  • Test firewall connectivity from each OpenText server to the LT Auditor MP server before configuring syslog forwarding to catch network issues early
  • Change default ports only if necessary — using standard ports simplifies troubleshooting and documentation
  • If enabling TLS, coordinate certificate management with your PKI team well in advance of go-live

[Your administrator should include the eDirectory and NSS transformation rule port and protocol settings in your network documentation so firewall administrators can maintain the correct rules over time.]

ca certificate, compliance, configuration, deployment, duplicate rule, edirectory, firewall, firewall rules, getting started, inbound traffic, ip address, listening port, monitoring, mutual tls, network interface, nss, oes, oes nss, opentext, port 5014, port 5015, port conflict, ports, protocol configuration, receiver settings, rule history, sni, syslog forwarding, syslog receiver, syslogs, tcp, tls, tls syslog, transformation rule configuration, transformation rules, udp

Powered by BetterDocs

Newsletter

Let's get started and
enjoy the power of LT Auditor MP

© Copyright , BLUE LANCE 2.0. All Rights Reserved.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by