Community


All times are UTC - 5 hours




Post new topic Reply to topic  [ 8 posts ] 
Author Message
 Post subject: Auditing
PostPosted: Fri Nov 19, 2010 12:53 pm 
Offline

Joined: Wed Oct 06, 2010 11:51 am
Posts: 11
I believe that NeoRouter supports user auditing. Is there any documentation on how to turn this on and where to view the log files.

Thanks

/Steve


Top
 Profile  
 
 Post subject: Re: Auditing
PostPosted: Fri Nov 19, 2010 2:05 pm 
Offline

Joined: Sun Nov 16, 2008 6:41 am
Posts: 1878
Hi Steve,

You can find the guide from our Wiki:
http://www.neorouter.com/wiki/index.php ... s_Auditing

We are still improving this feature and any feedback will be appreciated.

Thanks,
KevinZ - NeoRouter team


Top
 Profile  
 
 Post subject: Re: Auditing
PostPosted: Sat Nov 20, 2010 1:48 pm 
Offline

Joined: Wed Oct 06, 2010 11:51 am
Posts: 11
Kevin,

I have created a file called Feature.ini in the /usr/local/ZebraNetworkSystems/NeoRouter directory but it does not seem to be creating any files yet. I have tried creating it as feature.ini in case Linux cares about the case of the filename but no luck. The contents of the file are:

Auditing=1
AuditLogFileLocation=/var/log/neorouter
MaxNumOfLinesPerLog=20000

I have restarted the nrserver so that should not be the problem. Is there any chatter in the logs from the server service to indicate that it has found this file and enabled auditing.

One note for improvement of the product would be to have some minimal logging to the system logfiles to indicate that the service has started/stopped and the features that are enabled. This would make it a bit easier to see what is going on.

Overall I really like how this all works though.

Cheers

/Steve


Top
 Profile  
 
 Post subject: Re: Auditing
PostPosted: Sat Nov 20, 2010 2:51 pm 
Offline

Joined: Sun Nov 16, 2008 6:41 am
Posts: 1878
Hi stephenward_hw,

It works well on my centos x64 machine with the following file. On linux, it's in /usr/local/ZebraNetworkSystems/NeoRouter/Feature.ini. But you need to make sure the path /var/log/neorouter does exist.

Code:
[Default]
Auditing=1
AuditLogFileLocation=/var/log/neorouter
MaxNumOfLinesPerLog=20000


On my machine, it then generated the auditing file as below. From the file name we know when the server gets started. A new start will create a new file.

Code:
[root@localhost neorouter]# pwd
/var/log/neorouter
[root@localhost neorouter]# ls
NRADT_Wed Nov 10 10:53:00 2010_0.log
[root@localhost neorouter]#


Quote:
Note:This feature is available in NR Pro only.


Thanks for your suggestion and we will think about it.

Please give it a try. If still have problem, please help enable the logging and send us the log file so that we can help you out.

Thanks,
KevinZ - NeoRouter team


Top
 Profile  
 
 Post subject: Re: Auditing
PostPosted: Sat Nov 20, 2010 3:14 pm 
Offline

Joined: Thu Nov 04, 2010 4:58 pm
Posts: 8
Location: Hawaii
kevinz wrote:
But you need to make sure the path /var/log/neorouter does exist.
Code:
[Default]
AuditLogFileLocation=/var/log/neorouter

I can see how "FileLocation" might have ambiguous meaning, being either a file or directory. Would renaming the keyword to something more explicit, e.g. AuditLogDirectory, be preferable?


Top
 Profile  
 
 Post subject: Re: Auditing
PostPosted: Sat Nov 20, 2010 5:33 pm 
Offline

Joined: Wed Oct 06, 2010 11:51 am
Posts: 11
Thanks that fixed it. I think the confusion came because the wiki example does not include the [Default] at the beginning. That is probably what was missing.

Cheers

/Steve


Top
 Profile  
 
 Post subject: Re: Auditing
PostPosted: Sat Nov 20, 2010 5:50 pm 
Offline

Joined: Wed Oct 06, 2010 11:51 am
Posts: 11
Is there any documentation on what is being logged. I can see the log in requests but does it log any of the connection attempts between computers. This would be very useful.

Cheers

/Steve


Top
 Profile  
 
 Post subject: Re: Auditing
PostPosted: Sun Nov 21, 2010 10:45 am 
Offline

Joined: Sun Nov 16, 2008 6:41 am
Posts: 1878
The latest version can log user sign in and user sign out events. It's well formated and can be imported into other software, such as excel and so on. It contains such fields as timestamp, client application name, user name, source IP, port, action type, result code and messages. All attempts to sign in will be recorded.

Here is sample records:

Wed Nov 10 10:53:22 2010|NR Client |kevin |192.168.0.103 |02795|User Sign In |0x00000000|Sign in to FRANK [10.0.0.1] successfully.
Wed Nov 10 10:53:36 2010|NR Client |kevin |192.168.0.103 |42949675755|User Sign Out |0x13900000000|Sign out from 10.0.0.1 successfully.


Thanks,
KevinZ - NeoRouter team


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 21 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: