Checking the Audit Log on a VPN Server

The VPN audit log enables you to view audit log messages generated by a VPN server. You can also view a detailed explanation of any message.

There are two ways to display the VPN audit log. Both methods have the same capabilities. Using either method from the master server, you can view the audit log of any slave server.

IMPORTANT:  You cannot view the audit log of any VPN server that is also a member of another VPN. You can view the audit log of only those VPN servers that are exclusively members of your local VPN.

To display a VPN audit log using the first method, complete the following steps:

1. In NetWare Administrator, double-click a VPN server and select the Novell BorderManager 3.7 Setup page.

2. Click the VPN tab.

3. Double-click Master Site-to-Site or Slave Site-to-Site under Enable Service.

4. If you selected Master Site-to-Site, select a VPN member.

5. Click Status.

6. Click a VPN server > click Audit Log.

To display a VPN audit log using the second method, complete the following steps:

1. In NetWare Administrator, click a VPN server whose audit log information you want to view.

2. Select Novell BorderManager 3.7 from the Tools menu to open the Novell BorderManager 3.7 window.

3. Right-click Virtual Private Network and select View Member Activity/Log from the menu of options to view the VPN Audit Log window.

   The Audit Log window is under the VPN Activity window.

4. Do one of the following:

   • To view the audit log for the selected VPN member, click Acquire.

     The latest audit log messages in the database are displayed. Only ten messages are visible at a time, with the most current (latest time stamp) message displayed first. Use the scroll bar or PageDown key to see earlier messages. By default, the latest 100 messages in the audit log database are acquired at a time.

   • To acquire the next set of audit log messages for the selected VPN member, click More.

     The next 100 messages in the database are displayed. Because only ten messages are visible at a time, use the scroll bar or PageDown key to see the rest. The More button is not available if no more audit log messages are in the database. The More button does not emulate the screen settings. Changes made to the audit log controls take effect after you click Acquire. Only then does the More button use the current settings.

   • To change the number of message entries to acquire at any one time, click the Up-arrow or Down-arrow in the Phase Entries control box.

     The new Phase Entries value is the number of audit log messages acquired the next time you click Acquire.

   • To view additional information about a particular message, double-click the message or click Details.

     An explanation of the message is displayed. If the message is an error message, it also explains how to solve the problem.

The VPN Audit Log Window

The following information is contained in the VPN Audit Log window:

• Audit Log Provider---Allows you to choose which VPN software components will have their messages displayed.
• Selection Type---Allows you to choose which audit log message types to display.
• Audit Log Enable---Allows you to enable or disable the VPN audit log feature of the selected VPN member.

  If the check box is not selected, the VPN member stops saving VPN error and informational messages to the audit log database. This control feature takes effect only after you click Acquire.

• Audit Log Start and Audit Log End--- Specifies a range of audit log messages to view based on date and time. The Audit Log End field specifies the most recent VPN messages saved in the audit log database. The Audit Log Start field specifies the earliest VPN messages saved in the audit log database. Use the Valid Audit Log Range group box to set the current range of the VPN audit log messages for the selected VPN member. Use the Up-arrow and Down-arrow to change the date and time for both controls.
• Audit Log Progress---Indicates the current progress of the audit log retrieval according to the defined settings.
• Audit Log Messages---Displays the audit log messages for each VPN member.

  Each message includes a time stamp indicating when the message was generated and the message type. There are four types of audit log messages: VPN Control, VPN Tunnel, SKIP, and IPSEC. VPN Control messages correspond to the VPN autoconfiguration process. VPN Tunnel messages correspond to the encryption tunnels established between VPN members. SKIP and IPSEC messages correspond to those two security protocols. Each audit log type is also categorized as either an error message or an informational message. The following types of messages are displayed:

  • Green T---Informational messages for VPN Tunnel.
  • Green C---Informational messages for VPN Control.
  • Green S---Informational messages for SKIP.
  • Green IP---Informational messages for IPSEC.
  • Red T---Error messages for VPN Tunnel.
  • Red C---Error messages for VPN Control.
  • Red S---Error messages for SKIP.
  • Red IP---Error messages for IPSEC.