  S N E A K  P R E V I E W

Condrey's AuditLogin 3.1 Keeps Tabs on NetWare Access

October 2, 2000
James E. Drews

A rash of computer vandalism has hit your company. Files are damaged or missing, and your boss wants you to figure out who's had access to the computers that were attacked. Was Microsoft Windows NT's built-in access auditor enabled? Probably not. But the machines do require an authenticated login to your Novell NetWare network. Can you find out who was using the computers? Maybe.

How can a NetWare administrator track who has logged in to the network or see what servers a person is accessing? He or she could use the auditing capabilities built into the NetWare operating system. But depending on the server being audited, these event logs could be huge. Just try using DOS-based auditcon to sort through the information--you'll be flooded with "out of memory" errors.

But if you are concerned solely with who is using the system and from where, there is a solution: AuditLogin 3.1 from Condrey Computer Consulting. I tested AuditLogin in Network Computing's Real-World Labs® at the University of Wisconsin-Madison, Computer Aided Engineering Center's production NetWare network.

AuditLogin is not a complete auditing solution--it doesn't have the capability to monitor file access or NDS attribute changes. However, if your concern is tracking who is using specific workstations, AuditLogin may be all your organization needs.

An NLM, AuditLogin runs on each NetWare server you need to monitor. The software includes the Consolidator, an NLM that gathers audit information from the servers in the tree to a central location. AuditLogin uses NCP (NetWare Core Protocol) extensions to communicate among servers, so there is no dependency on IPX/SPX or TCP/IP.

No-Frills Install

AuditLogin doesn't come with a fancy installation program as most commercial software does, and this product doesn't need it. Getting AuditLogin up and running is just a matter of extracting the AuditLogin files to a directory on the server that is to be the Consolidator and loading the consldat.nlm. Once that is done, the remainder of the server installation is performed with the administration program, auditadm.

I used auditadm to install the auditlgn.nlm on the 14 servers that made up the eng NDS tree. I ran into one problem that was easily worked around: On the consolidation server, I placed the AuditLogin program files on the VOL1 volume. The auditadm program assumes that the same volume will be used for all servers. This caused problems for servers that did not have a VOL1 volume. As a temporary workaround, I placed a copy of the AuditLogin files on the SYS volume and changed one setting in the auditadm program to get the software installed on the network. Representatives from Condrey Computer Consulting told me this issue would be resolved in the next release of the program.

Information Consolidation

The Consolidator screen shows the login/logout activity as it is received from the other servers. After watching this screen for just a few minutes, I discovered an oddity: Two Hewlett-Packard Co. HP JetDirect cards on the network were logging in and out every 30 seconds or so. A quick look into this and I discovered that the JetDirect cards were having problems getting their queue information. This was easily fixed.

All the audit information is stored on the Consolidation server. The information for each day is placed into a separate file. Administrators can choose the length of time (in days) the server should store those files. Files older than the specified range (older than 30 days, for example) will be removed automatically. One advantage AuditLogin has over NDS' auditing is that the AuditLogin files can be stored on any volume on the server. NDS' audit information is restricted to the hidden SYS:_NETWARE directory. In testing, I recorded more than 50,000 logins and logouts, and the audit files take up only a few megabytes of disk space.

Should the Consolidator NLM server be down or a communication problem between servers occur, the auditlgn program will store the audit information locally until it can communicate with the Consolidator again. Once a link is re-established, the information is sent.

Reporting on the Data

Collecting the information is half the battle; extracting meaning from it is the other half. Auditadm can perform simple to slightly complex report queries, though there are no canned reports built into it. I didn't find this a problem but would have liked to have seen some kind of summary reports for statistics--for instance, a report indicating the number of logins per day per server or average time a person stays logged in.

AuditLogin also lets you graph trends. I produced 2-D and 3-D graphs showing the servers' login/logout and connection trends. However, these graphs are generated one server at a time, and I would have liked to put multiple servers on the same graph to facilitate comparisons. The good news is that the audit logs produced by AuditLogin in version 3.1 can be comma-delimited. The format of the file is documented and can be imported into Corel Quattro Pro, Microsoft Access or a similar program to provide more customized reporting and graphing.
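As an added example (not part of the original review and not Condrey's code), the following Python sketch shows the kind of summary reporting a comma-delimited login/logout export makes possible: logins per day per server, average session length per user, and detection of accounts that reconnect every few seconds, as the JetDirect cards did. The column layout, account names and addresses are assumptions constructed for illustration; AuditLogin's documented file format is not reproduced on this page.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample. The column order (time, server, user, address, event)
# is an assumption for illustration, not AuditLogin's documented layout.
SAMPLE = """\
2000-09-18 08:00:05,ENG1,jsmith.eng,0000A1B2:00A0C9112233,LOGIN
2000-09-18 08:00:10,ENG2,HPJET1.eng,0000A1B2:0060B0AABBCC,LOGIN
2000-09-18 08:00:40,ENG2,HPJET1.eng,0000A1B2:0060B0AABBCC,LOGOUT
2000-09-18 08:00:45,ENG2,HPJET1.eng,0000A1B2:0060B0AABBCC,LOGIN
2000-09-18 08:01:15,ENG2,HPJET1.eng,0000A1B2:0060B0AABBCC,LOGOUT
2000-09-18 08:01:20,ENG2,HPJET1.eng,0000A1B2:0060B0AABBCC,LOGIN
2000-09-18 08:01:50,ENG2,HPJET1.eng,0000A1B2:0060B0AABBCC,LOGOUT
2000-09-18 08:01:55,ENG2,HPJET1.eng,0000A1B2:0060B0AABBCC,LOGIN
2000-09-18 08:02:25,ENG2,HPJET1.eng,0000A1B2:0060B0AABBCC,LOGOUT
2000-09-18 17:00:05,ENG1,jsmith.eng,0000A1B2:00A0C9112233,LOGOUT
2000-09-19 08:30:00,ENG1,jsmith.eng,0000A1B2:00A0C9112233,LOGIN
2000-09-19 12:30:00,ENG1,jsmith.eng,0000A1B2:00A0C9112233,LOGOUT
"""

def parse(text):
    """Return (datetime, server, user, address, event) tuples in time order."""
    rows = [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), srv, user, addr, ev.upper())
            for ts, srv, user, addr, ev in csv.reader(io.StringIO(text))]
    return sorted(rows)

def summarize(rows, flap_gap=60, flap_min=3):
    """Logins per (day, server), mean session seconds per user, flapping users."""
    per_day, open_at = Counter(), {}
    durations, logins = defaultdict(list), defaultdict(list)
    for ts, srv, user, addr, ev in rows:
        key = (srv, user, addr)
        if ev == "LOGIN":
            per_day[(ts.date().isoformat(), srv)] += 1
            open_at[key] = ts
            logins[key].append(ts)
        elif ev == "LOGOUT" and key in open_at:  # skip logouts with no seen login
            durations[user].append((ts - open_at.pop(key)).total_seconds())
    avg = {u: sum(d) / len(d) for u, d in durations.items()}
    # Flapping: at least flap_min login-to-login gaps of flap_gap seconds or
    # less from the same account and address, like the JetDirect cards.
    flapping = sorted({user for (_, user, _), times in logins.items()
                       if sum((b - a).total_seconds() <= flap_gap
                              for a, b in zip(times, times[1:])) >= flap_min})
    return dict(per_day), avg, flapping

if __name__ == "__main__":
    for part in summarize(parse(SAMPLE)):
        print(part)
```

Sessions still open at the end of the file are left out of the averages, so a report spanning several daily files should parse them together before summarizing.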

I also would have liked to have mapped IPX or TCP/IP addresses to a name (say, DNS names in the case of TCP/IP). This would have made it easier to type in a computer name instead of the long IPX-based network address. Some form of PC-to-address mapping is planned for the next release of AuditLogin, according to Condrey. The company has said it also may add secure Web-based access to the audit information in a future edition.

James E. Drews is a network administrator for the Computer Aided Engineering Center of the University of Wisconsin-Madison. Send your comments on this article to him at jdrews@nwc.com.


