The Administrative Account User can click on the Edit button to view and/or edit any of these configuration options in the Auditing subsection.
The PC-Duo RAS server's auditing feature creates log entries for the following events:
-
PC-Duo RAS server startup and shutdown
-
Polling and discovery of new Host computers
-
Attempts to update Host computer status (either from the PC-Duo RAS server to the Host computer or from the Host computer to the PC-Duo RAS server)
-
Connections and disconnections
Attempts to access Hosts managed by the PC-Duo RAS server, including which services, such as remote control or file transfer, were requested. Events can be logged to the System Event Viewer and/or to a .CSV file. If you log events to the System Event Viewer, the event information contains only the event number and summary information. If you log events to a .CSV file, the .CSV file provides much more detailed information for each event. The .CSV file is named using the following format:
MACHINE-Gateway-YYYY-MM-DD-HH.CSV, where MACHINE is the machine name of the computer on which the PC-Duo RAS server is running, and YYYY-MM-DD-HH is the date and time of the last log file rollover period. You can use Microsoft Excel to view and print the audit log file. For each logged event, the audit log file contains the following information:
Column
|
Column Header
|
Description
|
1
|
Date
|
Date and time of the event recorded using the format: YYYY/MM/DD HH:MM:SS.
|
2
|
ms
|
Milliseconds part of date/time.
|
3
|
Type
|
Number representing the type or cause of the event:
• 0 = Success
• 1 = Error
• 2 = Warning
• 4 = Information
• 8 = Audit (Security Check) Success
• 16 = Audit (Security Check) Failure
|
4
|
|
Number representing the specific cause of the event:
• 1 = General
• 2 = Host Access Check
• 3 = Gateway Access Check
• 4 = Settings Access Check
• 5 = Group Access Check
• 6 = Session Access Check
• 7 = Operation Access Check
|
5
|
Severity
|
Number indicating the severity of the event:
• 0 = Event Log Success
• 1 = Event Log Information
• 2 = Event Log Warning
• 3 = Event Log Error
|
6
|
Event
|
Message ID number, for example, ‘100’, which corresponds to the message: ‘Gateway service started successfully.’ For a thorough listing of the Message IDs and their messages, see “Gateway Messages.”
|
7
|
Event
|
Internal network connection identifier, for example, 1C637D8E9B434DC.
|
8
|
ClientAddress
|
Client network address, for example, 123.123.1.2
|
9
|
ClientUser
|
Client authenticated user name, for example, DOMAIN\ajones
|
10
|
Result
|
32-bit error or result code generated by the program or by a system function employed by the program.
|
11
|
Access
|
Access bits that are required if an access check failed, for example, 40.
|
12
|
TargetType
|
Indicates type of target:
• host
• workstation
• session
• activerecording
• activemaster
• activeclient
• licenses
• pollschedules
• user
• group
• activehost
• application
• protocols
• activeplayback
• settings
• memberships
• unmanagedhost
• unmanagedworkstation
• unmanageduser
|
13-17
|
TargetInfo1 -
TargetInfo5
|
Five columns that contain Target specific information, usually a 64 or 128-bit key, for example.
NOTE: For TargetType = host, user, or workstation, the TargetInfo(1-5) columns will contain the following information: machine, workstationid, station, protocol, and address.
NOTE: For TargetType = session, the TargetInfo(1-5) columns will contain the following information: sessionid, workstationid, user, time-local, and elapsed.
|
18
|
MiscInfo
|
Contains miscellaneous information, for example, program location.
|
19
|
Message
|
Contains a copy of the text logged to the system Event Log, for example, "Gateway noted network address list change."
|
Logging options can be configured from the Auditing tab of the General Settings Properties window:
-
If you do not want to log Gateway-managed remote connection activity, do not check either Audit Logging Location box.
-
To send log events to the system Event viewer, check Create entries in Event Viewer Application Log.
-
To send log events to a text (.csv) file, check Create entries in text file in the directory, and type the directory path in the box provided. Specify the following parameters for the audit log file:
Automatically start a new log file - Use this field to specify the log file rollover period. Enter the number of hours after which to start a new log file: once every 6 hours, once daily, or once weekly (default value). If you set this parameter to once weekly, the rollover will occur at midnight on a Saturday night.
Automatically delete log files older than (days) - Use this field to specify how many days you want to save the log files. Enter the number of days. 40 days is the default value. This ensures that all activity, for at least over the past 30 days, has been logged for accounting purposes. Old log files are deleted when the start date is greater than the number of days specified in the audit log file name, MACHINE-Gateway-YYYY-MM-DD-HH.CSV, where the date and time represents the initial time period the event was logged.
For example, if you set the Automatically start a new log file field to once every 6 hours, the log files are named as follows:
Time Period
|
Log File Name
|
12:00:00 am to 5:59:59 am
|
MACHINE-Gateway-YYYYMM-DD-00.CSV
|
6:00:00 am to 11:59:59 am
|
MACHINE-Gateway-YYYYMM-DD-06.CSV
|
12:00:00 pm to 5:59:59 pm
|
MACHINE-Gateway-YYYYMM-DD-12.CSV
|
6:00:00 pm to 11:59:59 pm
|
MACHINE-Gateway-YYYYMM-DD-18.CSV
|
If you set the Automatically start a new log file field to once daily, the log files are named as follows:
Time Period
|
Log File Name
|
February 26, 2018
|
MACHINE-Gateway-2018-02-26-00.CSV
|
February 27, 2018
|
MACHINE-Gateway-2018-02-27-00.CSV
|
February 28, 2018
|
MACHINE-Gateway-2018-02-28-00.CSV
|
If you set the Automatically start a new log file field to once weekly, the log files are named as follows:
Time Period
|
Log File Name
|
February 26, 2018
|
MACHINE-Gateway-2018-03-04-00.CSV
|
March 11, 2018
|
MACHINE-Gateway-2018-03-11-00.CSV
|
March 18, 2018
|
MACHINE-Gateway-2018-03-18-00.CSV
|
NOTE: When planning scheduled downtime for PC-Duo RAS server maintenance and backups, be aware that if a periodic task, such as deleting old log files, was scheduled to run during that particular downtime period, it will not run until the next regularly scheduled period. If you have stopped the PC-Duo RAS server during a scheduled audit log rollover, the rollover will occur when you next restart the PC-Duo RAS server, and the newly generated events will be added to the correct log file. There are two types of operations to log:
-
Select Failed operations only to log only operation failures.
-
Select All operations, successful or failed to log all operations.
The Audit Database Connection fields provide real-time status on the underlying SQL database containing the audit information.