NeoRouter
http://www.neorouter.com/forum/

Auditing
http://www.neorouter.com/forum/viewtopic.php?f=8&t=4461
Page 1 of 1

Author:  stephenward_hw [ Fri Nov 19, 2010 12:53 pm ]
Post subject:  Auditing

I believe that NeoRouter supports user auditing. Is there any documentation on how to turn this on and where to view the log files.

Thanks

/Steve

Author:  kevinz [ Fri Nov 19, 2010 2:05 pm ]
Post subject:  Re: Auditing

Hi Steve,

You can find the guide from our Wiki:
http://www.neorouter.com/wiki/index.php ... s_Auditing

We are still improving this feature and any feedback will be appreciated.

Thanks,
KevinZ - NeoRouter team

Author:  stephenward_hw [ Sat Nov 20, 2010 1:48 pm ]
Post subject:  Re: Auditing

Kevin,

I have created a file called Feature.ini in the /usr/local/ZebraNetworkSystems/NeoRouter directory but it does not seem to be creating any files yet. I have tried creating it as feature.ini in case Linux cares about the case of the filename but no luck. The contents of the file are:

Auditing=1
AuditLogFileLocation=/var/log/neorouter
MaxNumOfLinesPerLog=20000

I have restarted the nrserver so that should not be the problem. Is there any chatter in the logs from the server service to indicate that it has found this file and enabled auditing.

One note for improvement of the product would be to have some minimal logging to the system logfiles to indicate that the service has started/stopped and the features that are enabled. This would make it a bit easier to see what is going on.

Overall I really like how this all works though.

Cheers

/Steve

Author:  kevinz [ Sat Nov 20, 2010 2:51 pm ]
Post subject:  Re: Auditing

Hi stephenward_hw,

It works well on my centos x64 machine with the following file. On linux, it's in /usr/local/ZebraNetworkSystems/NeoRouter/Feature.ini. But you need to make sure the path /var/log/neorouter does exist.

Code:
[Default]
Auditing=1
AuditLogFileLocation=/var/log/neorouter
MaxNumOfLinesPerLog=20000


On my machine, it then generated the auditing file as below. From the file name we know when the server gets started. A new start will create a new file.

Code:
[root@localhost neorouter]# pwd
/var/log/neorouter
[root@localhost neorouter]# ls
NRADT_Wed Nov 10 10:53:00 2010_0.log
[root@localhost neorouter]#


Quote:
Note:This feature is available in NR Pro only.


Thanks for your suggestion and we will think about it.

Please give it a try. If still have problem, please help enable the logging and send us the log file so that we can help you out.

Thanks,
KevinZ - NeoRouter team

Author:  sjk [ Sat Nov 20, 2010 3:14 pm ]
Post subject:  Re: Auditing

kevinz wrote:
But you need to make sure the path /var/log/neorouter does exist.
Code:
[Default]
AuditLogFileLocation=/var/log/neorouter

I can see how "FileLocation" might have ambiguous meaning, being either a file or directory. Would renaming the keyword to something more explicit, e.g. AuditLogDirectory, be preferable?

Author:  stephenward_hw [ Sat Nov 20, 2010 5:33 pm ]
Post subject:  Re: Auditing

Thanks that fixed it. I think the confusion came because the wiki example does not include the [Default] at the beginning. That is probably what was missing.

Cheers

/Steve

Author:  stephenward_hw [ Sat Nov 20, 2010 5:50 pm ]
Post subject:  Re: Auditing

Is there any documentation on what is being logged. I can see the log in requests but does it log any of the connection attempts between computers. This would be very useful.

Cheers

/Steve

Author:  kevinz [ Sun Nov 21, 2010 10:45 am ]
Post subject:  Re: Auditing

The latest version can log user sign in and user sign out events. It's well formated and can be imported into other software, such as excel and so on. It contains such fields as timestamp, client application name, user name, source IP, port, action type, result code and messages. All attempts to sign in will be recorded.

Here is sample records:

Wed Nov 10 10:53:22 2010|NR Client |kevin |192.168.0.103 |02795|User Sign In |0x00000000|Sign in to FRANK [10.0.0.1] successfully.
Wed Nov 10 10:53:36 2010|NR Client |kevin |192.168.0.103 |42949675755|User Sign Out |0x13900000000|Sign out from 10.0.0.1 successfully.


Thanks,
KevinZ - NeoRouter team

Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/