The auditing framework helps you to monitor the authentication process and track any changes that occur to the configuration parameters of the server. Details of any changes that occur are recorded in the /var/log/audit/audit.log file. The audit daemon keeps track of the changes to the audit.log file.
Auditing is disabled by default in OES 2015 or later.
However, if it is enabled, you can disable the Audit configuration option in the /etc/opt/novell/afptcpd/afptcpd.conf file manually or through iManager.
When the auditing option is enabled, the AFP server reports changes for the following events:
AFP user login and logout events
Changes to the configuration parameters of the afptcpd.conf file.