Exporting Data

The proxy audit logs are generated by enabling indexed format logging for the HTTP, FTP, Mail, News, Generic, DNS, and RealAudio and RTSP proxy services. The proxy audit logs are stored in a Btrieve* file on the Novell BorderManager 3.7 server and are maintained by CSAUDIT.NLM. The proxy audit logs cannot be edited or manipulated from the server; however, the data can be exported for analysis. The format of the exported data is compatible with trend analysis software packages, such as WebTrends*. This section describes how to export proxy audit logs and lists the data exported for the HTTP, FTP, Mail, News, Generic, DNS, and RealAudio and RTSP proxy services.

NOTE:  Logging information for Telnet Transparent proxy is provided in the Generic TCP audit log.

There are two ways to export the proxy audit logs from NetWareŽ Administrator:

To export audit logs for all proxies other than HTTP, you must use the second method. If you use the second method, you can also combine the audit log files from other Novell BorderManager 3.7 services with the proxy audit log into a single ASCII file.

For additional information, refer to:


Exporting HTTP Audit Log Proxy Records

To export HTTP audit log proxy records from the HTTP Proxy Hosts Statistics window, complete the following steps:

  1. In NetWare Administrator, click the Server object representing the Novell BorderManager 3.7 server.

  2. Select Novell BorderManager 3.7 from the Tools menu.

  3. Click Proxy Cache and select View Audit Log from the Object menu.

  4. Click Display Records, enter the dates for the records you want to display, and click OK.

  5. In the HTTP Proxy Hosts Statistics window, click Export Data and enter the path and filename or click Browse to select the destination of the export file.

  6. Select one of the following sort formats under Information Output Selection > click OK:

    • Time entry (connection by connection)---(Default selection) Sorts records from earliest entry time to latest entry time.
    • Access by users---Sorts records in alphabetic order based on the user's NDS or eDirectory name.
    • Access by hosts---Sorts records in ascending order (for IP addresses) or alphabetic order (for DNS hostnames).

  7. (Conditional) If the export filename already exists under the directory path selected, you are prompted to replace the file. Click Yes to overwrite the file or No to specify the destination as described in Step 5.

The record fields are written to disk with a tab as the delimiter. Each record ends with a carriage return and line feed. The exported HTTP proxy data has the following format:


Exporting Audit Logs for All Other Proxies

Use the Export Logs selection from the Novell BorderManager 3.7 pull-down menu to export all the proxy audit logs. This procedure extracts the same data from the Btrieve database, but offers additional export options that cannot be activated from the HTTP Proxy Hosts Statistics window. More important, the audit logs for all other proxies (FTP, Mail, News, Generic, DNS, and RealAudio and RTSP) can be accessed only this way.

To export an audit log for any proxy, complete the following steps:

  1. In NetWare Administrator, click the Server object representing the Novell BorderManager 3.7 server.

  2. Select Novell BorderManager 3.7 from the Tools menu.

  3. From the Novell BorderManager 3.7 menu, select Export Logs.

  4. Click Set Range > enter the date range.

    This is the range of dates comparable to the dates used to display records in the Access Control Users Statistics window. The default range is the current server date.

  5. Click Browse to select the drive mapped to the destination for the export file.

    This is the path and filename for the export file. The default destination is A:\YYYYMMDD.LOG, where YYYY is the current year, MM is the current month, and DD is the current day. If you change the filename from the default format, the filename will not reflect the current server date. For example, if you change the filename format to MMDDYYYY.LOG, the next time you try to export logs on another day, the log filename will not have incremented to the current date.

  6. (Optional) If the default filename is unacceptable, enter a new filename in the File field.

  7. (Optional) If you want to combine the proxy audit log with audit logs from other Novell BorderManager 3.7 services, check the Combine Log Files check box.

    This feature allows log files from different Novell BorderManager 3.7 services to be combined into a single output file. When log files are combined, they are appended to one file, service by service.

  8. Under Log Selection, check one or more boxes for the proxy type.

    If the Combine Log Files feature has been selected, check all the services you want combined into the export log file.

  9. (Optional) If you checked Combine Log Files in Step 7, under Log Selection, check all other Novell BorderManager 3.7 services audit log files to be combined with the access control log file.

  10. Click OK.

The proxy audit logs are exported to an ASCII file. The record fields are written with a tab as the delimiter. Each record ends with a carriage return and line feed. The ASCII file format depends on which proxy audit log is exported.


Export File Subdirectories

If the Combine Log Files feature is not selected and you select one or more services under the Log Selection field, a separate export file is created for each service under a subdirectory of the export destination path.

The export subdirectories used are shown in the following table.

Log Type Export Subdirectory

HTTP Proxy

HTTP

FTP Proxy

FTP

NNTP Proxy

NNTP

Mail Proxy

SMTP

RealAudio and RTSP Proxies

RAUDIO

DNS Proxy

DNS

Generic Proxy

GENERIC

Telnet Transparent Proxy

GENERIC

SOCKS Client

SOCKS

IPX Gateway (Novell IP Gateway)

IPXGW

VPN

VPN

ACL (access control)

ACL

For example, if you specified an export destination of VOL1:LOGS\19981019.LOG, did not select the Combine Log Files feature, and checked the boxes for HTTP proxy, the Novell IP Gateway, and access control, the following logs would result:

For more information, refer to:


Exported HTTP Proxy Data

The exported HTTP proxy data has the following fields:


Exported FTP Proxy Data

The exported FTP proxy data has the following fields:


Exported NNTP Proxy Data

The exported Network News Transfer Protocol (NNTP) or News proxy data has the following fields:


Exported Mail Proxy Data

The exported Mail proxy data has the following fields:


Exported RealAudio and RTSP Proxy Data

The exported RealAudio and RTSP proxy data has the following fields:


Exported DNS Proxy Data

The exported DNS proxy data has the following fields:


Exported Generic Proxy Data

NOTE:  Logging information for Telnet Transparent proxy is provided in the Generic TCP audit log.

The exported Generic proxy data has the following fields:


Exported SOCKS Client Data

The exported SOCKS client data has the following fields:



  Previous Page: Viewing Host Statistics  Next Page: Blocking Virus Requests in HTTP Accelerator