Novell Documentation: Novell BorderManager 3.8 - Checking the Audit Log on a VPN Server

Checking the Audit Log on a VPN Server

The VPN audit log enables you to view audit log messages generated by a VPN server. You can also view a detailed explanation of any message by clicking on the Audit Log messages in the box in the lower part of the page.

To display a VPN audit log, in the NRM VPN view status menu (See VPN View Status), click the Audit Log link for a selected member to display a page with the following information.

Figure 76
Audit Log Page

This page provides detailed audit logs of the list of members and clients connected to the selected member. This is nearly same as the NetWare CSAUDIT facility.

Audit Log Provider: You can enable any one or more of the Audit Log Providers in the group box to view the desired messages.
Audit Log Level: The Audit Log Level in the group box can be error or informational or both. Messages are subcategorized as Detailed, Medium and User.
Audit Log Start and End: The Audit Log Start and End group box can be used to set the desired start and end date and time during which the messages were logged. Set the time according to the Valid Audit Log Range.
Valid Audit Log Range: The Valid Audit Long Range group box displays the valid start and end time. This sets the limit for Audit Log Start and End.
Audit Log Progress: The Audit Log Progress group box provides the date and time of the currently displayed last Audit Log message. The Phase Entries field provides the number of entries displayed in the list below. This is also an editable field.

IMPORTANT: After any change to the attributes, click Acquire to see the audit log messages.

Audit Log Messages

When you click Acquire, Audit Log messages are displayed in the box towards the lower part of the page. The audit log messagesshow information for various activities that are taking place on the server. The administrator can use the audit log facility to understand what went wrong for authentication failures, or what could have been the cause of failure during IKE negotiation. Click More to view messages that cannot be displayed in the available space.

You can obtain a detailed explanation of any audit log message by clicking the message. For error messages, a brief corrective action is displayed as shown below.

Figure 77
Audit Log Message Details

Log Level

In the page shown in Audit Log Page, pressing Log Level displays the dialog box shown below. This dialog box helps you set the log levels for a selected server. In the following page the user is setting the log level to log detailed error and informational messages for the selected audit log types which excludes logging of VPN Control and SKIP Key Management.

Figure 78
Log Level

Select the check boxes to provide error or informational messages of the following types:

VPN Control: Provides the messages from VPMaster or VPSlave.
VPN Tunnel: Provides messages related to establishment or failure of the tunnel.
Authentication Gateway: Provides the messages related to client-to-site authentication (user password information).
IP Security: Provides messages related to TCP/IP and IP Sec modules.
SKIP Key Management: Provides key management messages related to earlier versions of the BorderManager client or the Novell BorderManager 3.8 client in backward compatibility mode.
IKE Key Management: Provides key management messages for Novell BorderManager 3.8 clients.