Viewing Alerts in Audit Trail Log File

Novell BorderManager 3.7 Alert logs server events in the audit trail log file. The alert record contains information such as the type of alert, a description of the event, the name of the server that generated the alert, and a time stamp. Use the audit trail log file to check for anomalies or suspicious activities that affect routing and security on your network.

The audit trail log file, CSAUDIT.LOG, is maintained by CSAUDIT.NLM. The audit trail log file is managed with the CSLIB audit trail utility. Use this utility to view records in the audit trail log and configure a schedule for archiving the log. The active audit trail log file is located in SYS:SYSTEM\CSLIB. Archived audit log files are located in SYS:SYSTEM\CSLIB\LOGS.

This section contains the following procedures:


Displaying Audit Trail Log Records with Audit Trail Utility

To view the audit trail log file:

  1. To run the CSLIB audit trail utility from the server console, enter

    CSAUDIT

  2. Click Display Audit Trail Records.

    The currently active log file is displayed. If the current log file has the record you need, you are done. Otherwise, to view an archived log file, continue with Step 3.

  3. Press Insert to view the other display options.

  4. Click Display Options menu > Select from Archived File List.

  5. Use the Up-arrow and Down-arrow to locate the archived log file to view.

  6. Press Enter to view the records in the log file.

  7. Press Esc until you are prompted to exit the audit trail utility.


Archiving the Audit Trail Log File

As with most log files, the audit trail log file can grow rapidly. Because the audit trail log file is stored on the SYS: volume, it is important to archive it and rotate the archived log files on a regular basis.

To configure the frequency of archiving and the number of archived log files, complete the following steps:

  1. From the server console, enter

    CSAUDIT

  2. Click Audit Trail Configuration.

  3. Press Enter in the Archive Hour field and select the hour at which the audit trail log file should be archived.

  4. In the Archive Interval field, enter the number of days for which the active audit log file records data.

  5. In the Archive Files Retained field, enter the number of audit log files that will be archived before the first archived file is overwritten.

  6. Press Esc > select Yes to save the changes.

  7. Press Esc until you are prompted to exit the audit trail utility.