8.2 Viewing Alerts in Audit Trail Log File

Novell BorderManager Alert logs server events in the audit trail log file. The alert record contains information such as the type of alert, a description of the event, the name of the server that generated the alert, and a time stamp. Use the audit trail log file to check for anomalies or suspicious activities that affect routing and security on your network.

The audit trail log file, csaudit.log, is maintained by csaudit.nlm. The audit trail log file is managed with the CSLIB audit trail utility. Use this utility to view records in the audit trail log and configure a schedule for archiving the log. The active audit trail log file is located in sys:\system\cslib. Archived audit log files are located in sys:\system\cslib\logs.

This section contains the following procedures:

8.2.1 Displaying Audit Trail Log Records with the Audit Trail Utility

To run the CSLIB audit trail utility:

  1. To run the CSLIB audit trail utility from the server console, enter

    CSAUDIT

  2. Click Display Audit Trail Records.

    The currently active log file is displayed. If the current log file has the record you need, you are done. Otherwise, to view an archived log file, continue with Step 3.

  3. Press Insert to view the other display options.

  4. Click the Display Options menu > Select from Archived File List.

  5. Use the Up-arrow and Down-arrow to locate the archived log file to view.

  6. Click Specify to view the records in the log file.

  7. Press Esc until you are prompted to exit the audit trail utility.

8.2.2 Archiving the Audit Trail Log File

As with most log files, the audit trail log file can grow rapidly. It is important to archive it and rotate the archived log files on a regular basis, because the audit trail log file is stored on the sys: volume.

To configure the frequency of archiving and the number of archived log files:

  1. From the server console, enter

    CSAUDIT

  2. Click Audit Trail Configuration.

  3. Press Enter in the Archive Hour field and select the hour at which the audit trail log file should be archived.

  4. In the Archive Interval field, specify the number of days for which the active audit log file records data.

  5. In the Archive Files Retained field, specify the number of audit log files to be archived before the first archived file is overwritten.

  6. Press Esc, then select Yes to save the changes.

  7. Press Esc until you are prompted to exit the audit trail utility.