Before turning AUDITCON on, there are several things you need to be aware of and consider.
1. The server that’s running AUDITCON must have replicas of the partitions you want to audit.
2. The log files, by default, are stored wherever AUDITCON is run from, which by default is Servername/Sys:\Public. You may want to consider copying the entire public directory to a different volume, so that you do not need to worry about space limitations on your sys: volume. Or, if you want to make things more complicated, you can copy the following files to a different volume. These are the files required to run AUDITCON:
   (The next 4 file names are based on Country 1 and code page 437)
   UNI_437.001
   437_UNI.001
   UNI_MON.001
   UNI_COL.001
   These files can be found in either sys:\public or sys:\public\nls\English
3. If you choose to do file system volume auditing, this may be taxing to your network throughput… use this with caution.
4. If you turn auditing on at the highest level, an organization, this will not audit subordinate containers. You need to turn auditing on for each container you want active. For example, say you want to audit the entire SALES container in the ABC tree. You need to turn auditing on for SALES.ABC, WEST.SALES.ABC, EAST.SALES.ABC, NORTH.SALES.ABC and SOUTH.SALES.ABC.
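Because container auditing is not inherited (item 4), it helps to compare a list of the containers in the tree against the list of containers where auditing was actually enabled. The following Python check is an added example, not part of the original article or of any Novell tool; both input lists are constructed sample data, and container names are assumed not to contain escaped dots.

```python
# Added example: find containers under a subtree that still lack auditing.
# All container names below are constructed sample data.

def normalize(name):
    """Turn an NDS name into a tuple of upper-case components, leaf first.

    Accepts typeless (WEST.SALES.ABC) and typeful (OU=WEST.OU=SALES.O=ABC)
    forms, with or without a leading dot.
    """
    parts = []
    for comp in name.strip().strip(".").split("."):
        comp = comp.strip()
        if "=" in comp:
            comp = comp.split("=", 1)[1]  # drop the OU=/O= type prefix
        parts.append(comp.upper())
    return tuple(parts)


def in_subtree(container, root):
    """True if container is root itself or sits anywhere below it."""
    c, r = normalize(container), normalize(root)
    # Compare whole components so PRESALES.ABC is not mistaken for SALES.ABC.
    return len(c) >= len(r) and c[len(c) - len(r):] == r


def audit_gaps(root, all_containers, audited):
    """Return containers at or below root that do not have auditing enabled."""
    enabled = {normalize(a) for a in audited}
    return sorted(
        ".".join(normalize(c))
        for c in all_containers
        if in_subtree(c, root) and normalize(c) not in enabled
    )


if __name__ == "__main__":
    tree = ["ABC", "SALES.ABC", "WEST.SALES.ABC", "EAST.SALES.ABC",
            "NORTH.SALES.ABC", "SOUTH.SALES.ABC", "PRESALES.ABC"]
    audited = ["SALES.ABC", "OU=WEST.OU=SALES.O=ABC"]
    for name in audit_gaps("SALES.ABC", tree, audited):
        print("auditing not enabled:", name)
```
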
Now… you have made all these considerations. You have determined the server you want to do the auditing and you have ensured this server has the required replicas to audit the desired containers. Now what?
1. From a workstation, from the path where you have the auditing files located, execute auditcon.exe.
2. On the top of the screen you will see the server name and volume. Ensure this is the correct location where you want the audit files stored. If not, select either Change current server or Change current volume from the Available audit options. Now that that is set:
3. Highlight Audit directory services and press Enter.
4. From the Audit directory services menu, choose Audit directory tree and then browse to the container you want to audit.
5. Press F10 to select and press Enter to Enable container auditing.
6. From the Available audit options menu, choose Auditing configuration.
7. From the Auditing configuration menu, choose Audit by DS Events.
8. Now, within Audit by DS Events, you can choose which events you want to audit, such as “Add member to group property”. If you turn this on, it will track who was added to which groups and who added those people. For a complete list of options available (if you don’t want to scroll through it here) see Novell’s TID #2907783.
9. Press F10 to toggle events on/off, and press Esc when you are done.
Now you are auditing. Here’s a couple of bonus tips for you.
To turn auditing off for a container, go to that container in the Audit directory tree, press F10 for audit, from the Available audit options choose Auditing configuration, and then choose Disable container auditing.
To make changes to the auditing file size and number of logs kept, from the Audit directory tree, go to the container you want to modify, press F10, choose Auditing configuration, choose Audit options configuration and make your desired changes.
Keep in mind that whenever you’re unsure which key to hit next, the status bar of the AUDITCON screen shows some options that can help you.