| |
NetWare provides two general methods of performing surveillance of users' accesses to protected resources.
Post-processing is a method of filtering an existing audit trail to present only the events that are of interest. AUDITCON provides menus to define post-processing filters for volume, container, and external auditing.
Preselection is a method of causing the server to record selected event types (such as file opens), specific users, or specific resources (such as files or directories) to the current volume trail. For volume auditing, you can preselect by event types, users, and files. For container auditing, you can preselect by users and event types. The server does not provide any preselection for external auditing. For preselection of external auditing, see your client documentation. NOTE: You cannot generate audit reports for events that are not preselected for auditing when the event occurs. For example, if you want to review which files were opened by a user two weeks ago, but you did not have file opens preselected at that time, you will not be able to generate an audit report that lists the files. Consequently, you must balance your need for certain audit information with the resources required to audit those events.
| |