For a secure system, you need to set up either auditing or syslogging to notify the system administrator when certain events occur. The most important audit events to monitor are the following:
Configuration changes
System shutdowns and startups
Server imports and deletes
Intruder lockout detection (available only for eDirectory user stores)
User account provisioning
Audit events are device-specific. To select auditing events, use the following:
Administration Console: In the Administration Console, click > .
Identity Server: In the Administration Console, click > > >
Access Gateway: In the Administration Console, click > > >
J2EE Agent: In the Administration Console, click > > .
SSL VPN: In the Administration Console, click > > > .
In addition to the selectable events, device-generated alerts are automatically sent to the audit server. These Management Communication Channel events have an ID of 002e0605. All Access Manager events begin with 002e. SSL VPN starts with 0031. You can set up Novell Auditing to send e-mail whenever these events or your selected audit events occur. See Configuring System Channels in the Novell Audit 2.0 guide.
For information about audit event IDs and field data, see Section G.0, Access Manager Audit Events and Data.
The Access Gateway also supports a syslog and allows you to send e-mail notification to system administrators. To configure this system:
Linux Access Gateway: In the Administration Console, click > > >
NetWare Access Gateway: In the Administration Console, click > > >