PC-Duo Web Console Operations Guide

Auditing

The Administrative Account User can click on the Edit button to view and/or edit any of these configuration options in the Auditing subsection. 
 
The PC-Duo RAS server's auditing feature creates log entries for the following events:
 
• Attempts to access Hosts managed by the PC-Duo RAS server, including which services, such as remote control or file transfer, were requested.

Events can be logged to the System Event Viewer and/or to a .CSV file. If you log events to the System Event Viewer, the event information contains only the event number and summary information. If you log events to a .CSV file, the .CSV file provides much more detailed information for each event. The .CSV file is named using the following format:

MACHINE-Gateway-YYYY-MM-DD-HH.CSV, where MACHINE is the machine name of the computer on which the PC-Duo RAS server is running, and YYYY-MM-DD-HH is the date and time of the last log file rollover period. You can use Microsoft Excel to view and print the audit log file.

For each logged event, the audit log file contains the following information:
 
 
| Column | Column Header | Description |
|---|---|---|
| 1 | Date | Date and time of the event recorded using the format: YYYY/MM/DD HH:MM:SS. |
| 2 | ms | Milliseconds part of date/time. |
| 3 | Type | Number representing the type or cause of the event: 0 = Success; 1 = Error; 2 = Warning; 4 = Information; 8 = Audit (Security Check) Success; 16 = Audit (Security Check) Failure |
| 4 |  | Number representing the specific cause of the event: 1 = General; 2 = Host Access Check; 3 = Gateway Access Check; 4 = Settings Access Check; 5 = Group Access Check; 6 = Session Access Check; 7 = Operation Access Check |
| 5 | Severity | Number indicating the severity of the event: 0 = Event Log Success; 1 = Event Log Information; 2 = Event Log Warning; 3 = Event Log Error |
| 6 | Event | Message ID number, for example, ‘100’, which corresponds to the message: ‘Gateway service started successfully.’ For a thorough listing of the Message IDs and their messages, see “Gateway Messages.” |
| 7 | Event | Internal network connection identifier, for example, 1C637D8E9B434DC. |
| 8 | ClientAddress | Client network address, for example, 123.123.1.2 |
| 9 | ClientUser | Client authenticated user name, for example, DOMAIN\ajones |
| 10 | Result | 32-bit error or result code generated by the program or by a system function employed by the program. |
| 11 | Access | Access bits that are required if an access check failed, for example, 40. |
| 12 | TargetType | Indicates type of target: host, workstation, session, activerecording, activemaster, activeclient, licenses, pollschedules, user, group, activehost, application, protocols, activeplayback, settings, memberships, unmanagedhost, unmanagedworkstation, unmanageduser |
| 13-17 | TargetInfo1 - TargetInfo5 | Five columns that contain Target-specific information, usually a 64- or 128-bit key. NOTE: For TargetType = host, user, or workstation, the TargetInfo(1-5) columns will contain the following information: machine, workstationid, station, protocol, and address. NOTE: For TargetType = session, the TargetInfo(1-5) columns will contain the following information: sessionid, workstationid, user, time-local, and elapsed. |
| 18 | MiscInfo | Contains miscellaneous information, for example, program location. |
| 19 | Message | Contains a copy of the text logged to the system Event Log, for example, "Gateway noted network address list change." |
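
The column layout above is enough to triage an audit file for repeated failed access checks (Type = 16). The following Python sketch is an added example, not part of the PC-Duo documentation or product; it assumes the file starts with a header row and uses standard CSV quoting, and all sample rows (including DOMAIN\bsmith and 123.123.1.9) are constructed.

```python
import csv
import io
from collections import Counter

# Code tables copied from the column descriptions above.
TYPES = {0: "Success", 1: "Error", 2: "Warning", 4: "Information",
         8: "Audit Success", 16: "Audit Failure"}
CAUSES = {1: "General", 2: "Host Access Check", 3: "Gateway Access Check",
          4: "Settings Access Check", 5: "Group Access Check",
          6: "Session Access Check", 7: "Operation Access Check"}
# 0-based positions of documented columns 1-4, 8, 9 and 12. Rows are read by
# position because column 4 has no header and columns 6 and 7 share one.
DATE, MS, TYPE, CAUSE, ADDR, USER, TARGET = 0, 1, 2, 3, 7, 8, 11

def decode(table, raw):
    """Map a numeric code to its documented name, keeping unknown values visible."""
    raw = raw.strip()
    return table.get(int(raw), f"unknown({raw})") if raw.isdigit() else f"unknown({raw})"

def parse_audit_csv(text):
    """Yield one dict per event; skip the header, blank and truncated rows."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 19 or not row[TYPE].strip().isdigit():
            continue
        yield {"when": f"{row[DATE]}.{row[MS].strip().zfill(3)}",
               "type": decode(TYPES, row[TYPE]), "cause": decode(CAUSES, row[CAUSE]),
               "address": row[ADDR], "user": row[USER], "target": row[TARGET]}

def repeated_failures(events, threshold=3):
    """Return {(user, address, cause): count} for sources at or above threshold."""
    hits = Counter((e["user"], e["address"], e["cause"])
                   for e in events if e["type"] == "Audit Failure")
    return {key: n for key, n in hits.items() if n >= threshold}

def _row(when, ms, typ, cause, addr, user, target):
    # Constructed sample row: every value not passed in is a filler, not real output.
    return ",".join([when, ms, typ, cause, "1", "0", "1C637D8E9B434DC", addr, user,
                     "0", "40", target, "", "", "", "", "", "", "constructed sample"])

SAMPLE = "\n".join([
    "Date,ms,Type,,Severity,Event,Event,ClientAddress,ClientUser,Result,Access,"
    "TargetType,TargetInfo1,TargetInfo2,TargetInfo3,TargetInfo4,TargetInfo5,MiscInfo,Message",
    _row("2018/02/26 09:15:01", "7", "16", "2", "123.123.1.2", r"DOMAIN\ajones", "host"),
    _row("2018/02/26 09:15:04", "250", "16", "2", "123.123.1.2", r"DOMAIN\ajones", "host"),
    _row("2018/02/26 09:15:09", "31", "16", "2", "123.123.1.2", r"DOMAIN\ajones", "host"),
    _row("2018/02/26 09:20:00", "0", "8", "3", "123.123.1.9", r"DOMAIN\bsmith", "settings"),
    "2018/02/26 09:21:00,5,16",  # truncated row, skipped by the parser
])

if __name__ == "__main__":
    for key, n in repeated_failures(parse_audit_csv(SAMPLE)).items():
        print(n, *key)
```

Because the System Event Viewer entries carry only the event number and summary, this kind of per-user, per-address grouping needs the .CSV log to be enabled.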
 
Logging options can be configured from the Auditing tab of the General Settings Properties window:
• Automatically start a new log file - Use this field to specify the log file rollover period. Enter the number of hours after which to start a new log file: once every 6 hours, once daily, or once weekly (default value). If you set this parameter to once weekly, the rollover will occur at midnight on a Saturday night.
• Automatically delete log files older than (days) - Use this field to specify how many days you want to save the log files. Enter the number of days. 40 days is the default value. This ensures that all activity for at least the past 30 days has been logged for accounting purposes. A log file is deleted when the start date in its file name, MACHINE-Gateway-YYYY-MM-DD-HH.CSV, is older than the number of days specified; the date and time in the name represent the initial time period in which the events were logged.
 
For example, if you set the Automatically start a new log file field to once every 6 hours, the log files are named as follows:
 
| Time Period | Log File Name |
|---|---|
| 12:00:00 am to 5:59:59 am | MACHINE-Gateway-YYYY-MM-DD-00.CSV |
| 6:00:00 am to 11:59:59 am | MACHINE-Gateway-YYYY-MM-DD-06.CSV |
| 12:00:00 pm to 5:59:59 pm | MACHINE-Gateway-YYYY-MM-DD-12.CSV |
| 6:00:00 pm to 11:59:59 pm | MACHINE-Gateway-YYYY-MM-DD-18.CSV |
 
If you set the Automatically start a new log file field to once daily, the log files are named as follows:
 
| Time Period | Log File Name |
|---|---|
| February 26, 2018 | MACHINE-Gateway-2018-02-26-00.CSV |
| February 27, 2018 | MACHINE-Gateway-2018-02-27-00.CSV |
| February 28, 2018 | MACHINE-Gateway-2018-02-28-00.CSV |
 
If you set the Automatically start a new log file field to once weekly, the log files are named as follows:
 
| Time Period | Log File Name |
|---|---|
| February 26, 2018 | MACHINE-Gateway-2018-03-04-00.CSV |
| March 11, 2018 | MACHINE-Gateway-2018-03-11-00.CSV |
| March 18, 2018 | MACHINE-Gateway-2018-03-18-00.CSV |
 
NOTE: When planning scheduled downtime for PC-Duo RAS server maintenance and backups, be aware that if a periodic task, such as deleting old log files, was scheduled to run during that particular downtime period, it will not run until the next regularly scheduled period. If you have stopped the PC-Duo RAS server during a scheduled audit log rollover, the rollover will occur when you next restart the PC-Duo RAS server, and the newly generated events will be added to the correct log file.

There are two types of operations to log:
 
 
The Audit Database Connection fields provide real-time status on the underlying SQL database containing the audit information.