manualshive.com logo in svg

Novell OPEN ENTERPRISE SERVER 2 SP2 - STORAGE SERVICES AUDITING CLIENT LOGGER UTILITY REFERENCE 04-29-2010, Reference

The Novell OPEN ENTERPRISE SERVER 2 SP2 - STORAGE SERVICES AUDITING CLIENT LOGGER UTILITY REFERENCE 04-29-2010 manual is a must-have for users seeking detailed information on auditing client logger utility. Download this comprehensive reference guide for free from manualshive.com to maximize the storage services auditing capabilities of your enterprise server.

Share
Download
background image

VLOG Utility Man Page

17

n

ov

do

cx (e

n)

  16
 Ap
ril 20

10

Filtering Records

The 

vlog

 application supports filtering of events, as they are received from the NSS Auditing 

Engine (

vigil

), by using filter patterns. Filter patterns are rules for filtering events. You can use 

either of the following methods to specify filter patterns:

A filter file of filter patterns (consisting of one filter pattern per line) can be specified with the 

[-F, --filterFile]

 command line option. This option must be followed by a 

[path/

]filename

A filter file can contain comment lines. Comment lines begin with a pound sign (

#

) or a double 

forward slash (

//

).

Individual filter patterns can be specified with the 

[-p, --pattern]

 command line option. 

This option must be followed by a quoted filter pattern.

There are two kinds of patterns that can be specified from a filter file by using the 

[-F, --

filterFile]

 option, or specified individually in the command by using the 

[-p, --pattern]

 

option.

Patterns for filtering records of type VIGIL

Patterns for filtering records of type NSS, NCP, and CIFS

Each of these pattern types are discussed below.

Patterns for Filtering Records of Type VIGIL

Records of type VIGIL represent operations internal to the NSS Auditing Engine. By default, 
records of type VIGIL are not filtered from 

vlog

's output. 

“Filter Syntax for Type VIGIL Records” on page 17

“Filter Keywords for Type VIGIL Records” on page 18

“Examples for Filtering VIGIL Events” on page 19

Filter Syntax for Type VIGIL Records

The general pattern for filtering records of type VIGIL is:

:[+ or -]KEYWORD [[+ or -]KEYWORD]

A pattern used to filter records of type VIGIL has a colon (

:

) as the first character of the pattern.

The colon is followed by one or more keywords that represent records that are to be included or 
excluded from the 

vlog

 output. Multiple keyword entries are separated by a space. Keywords are 

applied in the order that they appear in the filter pattern. 

The specified keyword causes specific records of type VIGIL to be included or excluded from the 
output. Each keyword is preceded by an exclude/include character that indicates whether the records 
that match the specified pattern should be excluded or included in the 

vlog

 output. A minus (

-

character indicates that the records that are represented by the keyword that follows it should be 
excluded from the 

vlog

 output. A plus (

+

) character indicates that the records that are represented 

by the keyword that follows it should be included in the 

vlog

 output

Summary of Contents for OPEN ENTERPRISE SERVER 2 SP2 - STORAGE SERVICES AUDITING CLIENT LOGGER UTILITY REFERENCE 04-29-2010

Page 1: ...ovdocx en 16 April 2010 AUTHORIZED DOCUMENTATION OES 2 SP2 NSS Auditing Client Logger VLOG Utility Reference Open Enterprise Server 2 SP2 April 29 2010 Novell Storage ServicesTM Auditing Client Logger...

Page 2: ...and the trade laws of other countries You agree to comply with all export control regulations and to obtain any required licenses or classification to export re export or import deliverables You agre...

Page 3: ...Trademarks For Novell trademarks see the Novell Trademark and Service Mark list http www novell com company legal trademarks tmlist html Third Party Materials All third party trademarks are the prope...

Page 4: ...4 OES 2 SP2 NSS Auditing Client Logger VLOG Utility Reference novdocx en 16 April 2010...

Page 5: ...9 1 1 1 Logged Output 9 1 1 2 Paths to Include or Exclude 9 1 1 3 File System Events to Monitor 9 1 1 4 NSS NCP and CIFS Event Sub Types to Monitor 10 1 1 5 VIGIL Events to Monitor 10 1 2 Using Auditi...

Page 6: ...6 OES 2 SP2 NSS Auditing Client Logger VLOG Utility Reference novdocx en 16 April 2010...

Page 7: ...kground knowledge of the host operating system is also assumed Feedback We want to hear your comments and suggestions about this manual and the other documentation included with this product Please us...

Page 8: ...8 OES 2 SP2 NSS Auditing Client Logger VLOG Utility Reference novdocx en 16 April 2010...

Page 9: ...includes Section 1 1 1 Logged Output on page 9 Section 1 1 2 Paths to Include or Exclude on page 9 Section 1 1 3 File System Events to Monitor on page 9 Section 1 1 4 NSS NCP and CIFS Event Sub Types...

Page 10: ...dule Starting or stopping the vigil cifs ko kernel module Starting or stopping the Auditing Client an internal construct of the NSS Auditing Engine Starting or stopping the Auditing Client User an int...

Page 11: ...wnload Novell Sentinel Log Manager from the Novell Download Web site http download novell com Download buildid woGGwp3Mab4 A 90 day evaluation license is available on the download site For installatio...

Page 12: ...12 OES 2 SP2 NSS Auditing Client Logger VLOG Utility Reference novdocx en 16 April 2010...

Page 13: ...rver OES 2 Support Pack 2 SP2 Linux This information is also available on the server as the vlog 8 man page Synopsis on page 14 Availability on page 14 Syntax on page 14 Description on page 15 VLOG Op...

Page 14: ...vigil start Run the NSS Auditing Client Logger vlog utility in a terminal console generally as the root user opt novell vigil bin vlog OPTIONS Stopping vlog requires a SIGTERM signal This can be done...

Page 15: ...he specified client name is added to CLIENT_ For example if you provide a 15 character client name of jasonjames12345 vlog creates a client name of CLIENT_jasonjames12345 f format NUL XML CSFV SENT Se...

Page 16: ...s are sent to stderr Each level includes the messages of the lower levels For example to set the verbose level to 22 enter opt novell vigil bin vlog V 22 The verbose messages for fatal errors configur...

Page 17: ...GIL Records of type VIGIL represent operations internal to the NSS Auditing Engine By default records of type VIGIL are not filtered from vlog s output Filter Syntax for Type VIGIL Records on page 17...

Page 18: ...l nss ko kernel module is unloaded an NSS stopped record is sent to all auditing clients CIFS_START Each time the vigil cifs ko kernel module is loaded a CIFS started record is sent to all auditing cl...

Page 19: ...s at the command line prompt opt novell vigil bin vlog p all Specifies a filter pattern that excludes all records of type VIGIL from the vlog output opt novell vigil bin vlog p all roll Specifies a fi...

Page 20: ...the auditing log The negation element is a single character that precedes the path element exclamation mark character Used to negate the filter patterns specified in a filter file when the command lin...

Page 21: ...and directory name pattern allows for the following wildcard characters Using the question mark wildcard matches any single character except for a forward slash character Using the single asterisk wi...

Page 22: ...Yes adh joke No The e group only includes e and not d aeh joke Yes a c e joke Filename Matches Yes or No a h joke Yes ach joke Yes adh joke No The c e group does not include d aeh joke Yes a d f joke...

Page 23: ...joke Yes aeh joke Yes afh joke No The e group only includes e and not f a Filename Matches Yes or No a b c d No does not match the character a a Filename Matches Yes or No a a No The in the pattern do...

Page 24: ...b c d d d d e f e f e f Yes a b b c d d d e f No Must end with the f character a b c d e e e e f No Need something between a and b c a xxx b d e e e e f No a xxx b must be followed by c a b c e f Fil...

Page 25: ...allow 6 abcb8zqrtm Yes abcdefadzqrtm Yes abcdefdefqrtm Yes abcdefqrtm Yes abchijqrtm Yes abcxyqrtm No Nothing after abc would allow xyq abcxyzdefqrtm Yes abcxyzqrtm Yes For simplicity the NSS volume n...

Page 26: ...n page 27 Event Sub Type Examples on page 28 Event Types Valid event options are DELETE CREATE OPEN CLOSE RENAME MODIFYMETADATA ADDTRUSTEE REMOVETRUSTEE SETINHERITEDRIGHTS LINK The asterisk character...

Page 27: ...cluded negated events are processed after the included non negated events In effect this list includes the OPEN and CLOSE events then excludes all events OPEN OPEN CLOSE Includes only the CLOSE event...

Page 28: ...non NSS OPEN and non NSS CLOSE events Filter Pattern Examples This section provides examples of filter patterns and a description of how each might be applied These examples are specific to entries i...

Page 29: ...EN event on the VOL1 abc def file assuming they had been included by an include rule VOL1 xyz dir Include Matches all events on any file in the VOL1 xyz dir directory Quotation marks are used to enclo...

Page 30: ...g methods to eliminate Orphaned Auditing Clients Start and stop or restart the NSS Auditing Engine or stop a specific instance of the Auditing Client Each method is described below Method 1 Stop and S...

Page 31: ...a root user who knows the Auditing Client s ClientKey The ClientKey can be specified by using vlog s c clientKey option If the c clientKey option is not specified vlog uses the default client key Zar...

Page 32: ...32 OES 2 SP2 NSS Auditing Client Logger VLOG Utility Reference novdocx en 16 April 2010...

Reviews:

No comments

Related manuals for OPEN ENTERPRISE SERVER 2 SP2 - STORAGE SERVICES AUDITING CLIENT LOGGER UTILITY REFERENCE 04-29-2010

Canon PowerShot SX1 IS Software Manual preview
PowerShot SX1 IS
Brand: Canon Pages: 48
Canon VB-M40 Viewer Operation Manual preview
VB-M40
Brand: Canon Pages: 2
XenSource DL385 - ProLiant - G5 Manual preview
DL385 - ProLiant - G5
Brand: XenSource Pages: 313
MACROMEDIA COLDFUSION 5 - INSTALING AND CONFIGURING... Manual preview
COLDFUSION 5 - INSTALING AND CONFIGURING...
Brand: MACROMEDIA Pages: 160
Acer ASM Pro Installation Manual preview
ASM Pro
Brand: Acer Pages: 20
Acer eConsole User Manual preview
eConsole
Brand: Acer Pages: 33
Acer Destinator PN User Manual preview
Destinator PN
Brand: Acer Pages: 118
Kenwood MediaManager Installation Manual preview
MediaManager
Brand: Kenwood Pages: 40
Samsung SyncMaster S23A950D User Manual preview
SyncMaster S23A950D
Brand: Samsung Pages: 90
Samsung SyncMaster T23A750 E-Manual preview
SyncMaster T23A750
Brand: Samsung Pages: 292
IBM Nways 8260 Manual preview
Nways 8260
Brand: IBM Pages: 354
MMSOFT Design Pulseway User Manual preview
Pulseway
Brand: MMSOFT Design Pages: 85
Red Hat APPLICATION STACK 2.4 RELEASE Release Note preview
APPLICATION STACK 2.4 RELEASE
Brand: Red Hat Pages: 22
Tektronix PhaserPrint 2.0 Configuration Manual preview
PhaserPrint 2.0
Brand: Tektronix Pages: 2
Juniper STRM 2008.2R2 - UPGRADING TO STRM 2008.2R2 REV 2 Upgrade Manual preview
STRM 2008.2R2 - UPGRADING TO STRM 2008.2R2 REV 2
Brand: Juniper Pages: 5
3Com pcXset - NBX - PC Getting Started Manual preview
pcXset - NBX - PC
Brand: 3Com Pages: 26
MACROMEDIA DIRECTOR MX-LINGO DICTIONARY Manual preview
DIRECTOR MX-LINGO DICTIONARY
Brand: MACROMEDIA Pages: 756
Xerox SMARTsend 3.0 Brochure preview
SMARTsend 3.0
Brand: Xerox Pages: 4

Brands by name

Popular brands

Load more brands