Depending on the File Channel object configuration, the File channel driver (lgdfile) can log events in raw format, or it can translate the event data into a human-readable log. By default, file data stores are named auditlog; however; however, you can specify the log filename in the File Channel object configuration.
Raw files simply contain the event data; consequently, they are not in a human-readable format. However, because they maintain a consistent field structure across events, they can be imported into spreadsheet programs like Microsoft Excel.
The following is a sample from a raw log file:
16777343,1051924636,1051924647,eDirInst\Object,721699,7,0,.OntarioTestData.Channels.Logging Services,,0,0,0,LlNhdHVybiBMb2dnaW5nIFNlcnZlci5Mb2dnaW5nIFNlcnZpY2Vz 16777343,1051924636,1051924647,eDirInst\Object,721690,7,0,.eDirectoryInstrumentation.Applications.Logging Services,,0,0,0,LlNhdHVybiBMb2dnaW5nIFNlcnZlci5Mb2dnaW5nIFNlcnZpY2Vz 16777343,1051926065,1051926065,eDirInst\Object,720897,7,0,.BillBob.SIM,,0,0,1,LmFkbWluLlNJTQ=
NOTE:Novell Audit includes a utility, called LETrans, that can
translate raw log files into human-readable format. See LETrans
in
the Novell
Audit 2.0 Administration Guide.
Translated log files, on the other hand, can be visually scanned for content; however, it is difficult to generate reports from these files because there is no consistent field structure—they contain only the event descriptions.
The following is a sample from a translated log file:
[Sat, 03 May 2003 01:25:10 +0000] eDirInst\Object: A read operation was performed on object .OntarioTestData.Channels.Logging Services by .Saturn Logging Server.Logging Services [Sat, 03 May 2003 01:25:10 +0000] eDirInst\Object: A list Subordinate Entires operation has been performed on container .eDirectory Instrumentation.Applications.Logging Services by .Saturn Logging Server.Logging Services [Sat, 03 May 2003 01:39:41 +0000] eDirInst\Object: A new eDirectory object called .BillBob.SIM (Class:User) was created by .admin.SIM
In addition to providing different log formats, the File channel is capable of creating localized logs. If the logging applications have localized Log Schema (LSC) files, the File channel can write translated log files in the language designated in the File Channel object.
NOTE:LSC files catalog the events that can be logged for a given
application. They can also indicate what kind of data is stored
in the event fields and provide descriptive information on the event
itself. For more information, see Log
Schema Files
in the Novell
Audit 2.0 Administration Guide.
For more information on the File channel, see File
in
the Novell
Audit 2.0 Administration Guide.