Roland,
The auditing should be enabled by setting the wanted options in the
system administration options menu.
After applying the options you'll have to do 'Commit Changes'.
From now on the server will log all the requested information and will
store the result in a file called /usr/op/cell/users/AC-yymmdd.
THE FILE MAY NOT BE CREATED STRAIGHT AWAY BECAUSE THE LOGGING IS
BUFFERED.
Below you can find how to read the information:
At the first event after midnight the current file will
be closed and a new one created with the name of the new day, date and
time taken as local time of the logging server. Records are character
strings separated by <new line> and have the following format:
<type><tab>yyyy/mm/dd<tab>hh:mm:ss<tab><type specific data>
The <type> field is a 3 character indication of the type of event
logged:
AAD Access Administrator Denied
AAG Access Administrator Granted
AUD Access User Denied
AUG Access User Granted
LIU Login Unsuccessful
LIS Login Successful
LOG Logout
The format of the type specific data field for the types
AAD/AAG/AUD/AUG is:
<object reference><tab><class id><tab><owner id><tab><owning o.u. id><tab><user_id><tab><org. unit id><tab><access type_id><tab><method_id><tab><status>
If the value of <owning o.u. id> is -1 this means that the field has a
NULL value and that the primary org. unit of the owner must be
substituted instead.
The format of the type specific data field for the types LIU/LIS/LOG
is:
<user_id><tab><cell_id><tab><oslogin><tab><workstation id><tab><workstation name><tab><workstation address><tab><status>
Fields are all numeric for performance reasons and to avoid problems
with character sets. The files can be interpreted with a LinkWorks
script, and the ids translated to text using the APO/MCC functions.
Han
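
A parser for the record layout described above, added here as an example; it is not part of the original reply and is not LinkWorks code. The Python field names are hypothetical labels for the fields in the post, the sample records are constructed, and field values are kept as strings because the post does not say what the individual ids or <status> values mean.

```python
from collections import Counter
from datetime import datetime

# Field names are labels chosen for this example, in the order given in the post.
ACCESS_FIELDS = ("object_reference", "class_id", "owner_id", "owning_ou_id",
                 "user_id", "org_unit_id", "access_type_id", "method_id", "status")
LOGIN_FIELDS = ("user_id", "cell_id", "oslogin", "workstation_id",
                "workstation_name", "workstation_address", "status")
LAYOUT = {t: ACCESS_FIELDS for t in ("AAD", "AAG", "AUD", "AUG")}
LAYOUT.update({t: LOGIN_FIELDS for t in ("LIU", "LIS", "LOG")})
FAILURES = {"AAD", "AUD", "LIU"}  # denied access and unsuccessful login

def parse_record(line):
    """Parse one audit record; raise ValueError on anything malformed."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) < 3 or parts[0] not in LAYOUT:
        raise ValueError("unknown or truncated record: %r" % line)
    names = LAYOUT[parts[0]]
    data = parts[3:]
    if len(data) != len(names):
        raise ValueError("%s expects %d fields, got %d"
                         % (parts[0], len(names), len(data)))
    rec = dict(zip(names, data))
    rec["type"] = parts[0]
    # Timestamps are local time of the logging server, as stated in the post.
    rec["time"] = datetime.strptime(parts[1] + " " + parts[2], "%Y/%m/%d %H:%M:%S")
    # -1 means NULL: the owner's primary org. unit must be substituted.
    if rec.get("owning_ou_id") == "-1":
        rec["owning_ou_id"] = None
    return rec

def failures_by_user(lines):
    """Count AAD/AUD/LIU events per user_id, skipping malformed lines."""
    counts = Counter()
    for line in lines:
        try:
            rec = parse_record(line)
        except ValueError:
            continue  # e.g. a record cut short because logging is buffered
        if rec["type"] in FAILURES:
            counts[rec["user_id"]] += 1
    return counts

# Constructed sample records (all ids and values are made up).
SAMPLE = [
    "LIU\t1999/03/04\t08:15:02\t1042\t1\t501\t77\t3001\t167772165\t0",
    "LIU\t1999/03/04\t08:15:09\t1042\t1\t501\t77\t3001\t167772165\t0",
    "LIS\t1999/03/04\t08:15:30\t1042\t1\t501\t77\t3001\t167772165\t1",
    "AUD\t1999/03/04\t08:20:11\t880123\t12\t1007\t-1\t1042\t5\t2\t14\t0",
    "AUD\t1999/03/04\t08:22:00\ttruncated",
]
```

failures_by_user(SAMPLE) counts two LIU records and one AUD record for the same user_id and skips the truncated last line.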