Working with the Security Event Log

If you have access rights to a server configuration, you can view its security event log at any time. The security event log is not a typical .Log file, as its data is stored in the application database. This operation can be performed only when the server is running.

To view the security event log

  1. Open the Server Administration tool. If you are using the Server Administration tool installed with the client, you can administer remote servers only.
  2. Select the appropriate server configuration from the list of servers. If you have not yet logged on, you will be asked to do so.
  3. Select Tools > Accounts > Security Log . These actions display the Security Log contents. This log lists each secured event (such as logging on or off), the date and time it occurred, the user performing the operation, the workstation from which the operation was performed, the item acted upon, and whether the operation failed.
  4. Use the Security Event Type drop-down list box to view all events of a particular type.
  5. To reload the security event log and review the most recent entries, click Reload from the Security Event Log dialog box.
  6. To print the data selected from the log, click Print Selection from the Security Event Log dialog box.

Depending upon the number of users and the amount of activity on a server configuration, the security event log may grow rapidly. To keep the log to a reasonable size, you can have the Server delete old entries. First, decide how long you want to have security events available, then configure the server configuration to purge entries that are older than this time period. This operation can be performed only when the server is running.

To set the interval for purging the security event log
  1. Open the Server Administration tool. If you are using the Server Administration tool installed with the client, you can administer remote servers only.
  2. Select the appropriate server configuration from the list of servers. If you have not yet logged on, you will be asked to do so.
  3. Click Tools > Accounts > System Policy from the menu. The System Policy dialog box appears.
  4. Select the Security Events tab.
  5. Select the Purge Security Event Entries Older Than __ Days check box. (Clearing this check box keeps the entries indefinitely.)
  6. Type the number of days in the text box. The range is 30 to 1000. The default is 180. The next time the server configuration starts, entries that exceed the purge limit are deleted.
  7. Click OK.
  8. Restart the server configuration for the purge interval to take effect.
Parent topic: Security Logs