Logging starts automatically when you start Advanced Server. Logging stops when an event log becomes full and cannot overwrite itself, either because you set it for manual clearing or because the first event in the log is not old enough.
Use the Log Settings command on the Log menu to define logging parameters for each kind of log. You can set the maximum size of the log and specify whether the events are overwritten or stored for a certain period of time.
The Event Log Wrapping option lets you define how events are retained in the log selected in the Change Settings For dialog box. (The default logging policy is to overwrite logs older than seven days.) You can customize this policy for different logs.
The options include the following.
Note
When a log is full (when no more events can be logged), you can free the log by clearing it. Reducing the amount of time you keep an event also frees the log if it allows the next record to be overwritten.
For information on how to set the Audit policy, see "To manage the Audit Policy" in User Manager for Domains Help.
For information on how to clear a log, see "Clearing All Events" in Event Viewer Help.
Although you can increase (to the capacity of the disk and memory) or decrease the maximum log size, each log file has an initial maximum size of 512 KBytes. Before decreasing a log's size, you must clear the log.
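The following Python model is an added example, not part of Advanced Server or its documentation. It shows how the wrapping policy described above decides whether a full log accepts a new event or stops logging, and how clearing the log or shortening the retention period frees it. The class and function names, the fixed 128-byte record size and the strict "older than" comparison are assumptions made for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

RECORD_BYTES = 128  # assumption: every record has the same size in this model


class EventLog:
    """Toy model of one event log with a size cap and a wrapping policy."""

    def __init__(self, max_bytes=512 * 1024, retention_days=7):
        # retention_days=None models a log that is set for manual clearing.
        self.capacity = max_bytes // RECORD_BYTES
        self.retention_days = retention_days
        self.records = deque()  # (timestamp, event_id), oldest first
        self.dropped = 0        # events lost while the log was full

    def _can_overwrite(self, now):
        if self.retention_days is None:
            return False
        oldest = self.records[0][0]
        # Only the first (oldest) event may be overwritten, and only once
        # it is older than the retention period.
        return now - oldest > timedelta(days=self.retention_days)

    def write(self, when, event_id):
        if len(self.records) >= self.capacity:
            if not self._can_overwrite(when):
                self.dropped += 1  # logging has stopped: this event is lost
                return False
            self.records.popleft()
        self.records.append((when, event_id))
        return True

    def clear(self):
        self.records.clear()


def simulate(log, start, events, interval):
    """Write `events` records spaced `interval` apart; return how many were lost."""
    for i in range(events):
        log.write(start + i * interval, 1000 + i)
    return log.dropped


if __name__ == "__main__":
    start = datetime(2000, 1, 1)  # constructed sample input
    small = EventLog(max_bytes=4 * RECORD_BYTES, retention_days=7)
    print("events lost:", simulate(small, start, 10, timedelta(days=1)))
```

Every event counted in `dropped` is an audit record that was never written, which is why a log that fills faster than its retention period expires needs either a larger maximum size or regular archiving and clearing.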
Careful monitoring of event logs can help you to predict and identify the sources of system problems. Logs also can confirm problems with application software. If an application crashes, an application event log can provide a record of activity leading up to the event.
The following are guidelines for using event logs to diagnose problems:
Archive logs in log format. The binary data associated with an event is discarded if you archive data in text or comma-delimited format.
If a particular event seems related to system problems, try searching the event log to find other instances of the same event or to judge the frequency of an error.
Note Event IDs. These numbers match a text description in a source message file. This number can be used by product-support representatives to understand what occurred in the system.
This section discusses the following topics:
You enable auditing from the User Manager for Domains Auditing Policy dialog box. Through auditing, you can track Advanced Server security events. You can specify that an audit entry is to be written to the security event log whenever certain actions are performed or files are accessed.
An audit entry shows the activity that occurred, the user who performed the action, and the date and time of the activity. You can audit both successful and failed attempts. The audit trail can show who actually performed actions on the network and who tried to perform actions that are not permitted.
Events are not audited by default. If you have Administrator permission, you can specify which types of system events are audited through User Manager for Domains.
The Audit policy determines the amount and type of security logging that Advanced Server performs. For file and object access, you can specify which files and printers to monitor, which types of file and object access to monitor, and for which users or groups. For example, when File and Object Access auditing is enabled, you can use the Security tab in a file's or folder's Properties dialog box (accessed through Explorer) to specify which files are audited and what type of file access is audited for those files.