Using the login script to keep a record of when users are in the building.
RikkiSixx
I have been put in charge of a project that requires me to make and keep a
running record of when users login and logoff.
I was thinking of adding a "#cmd.exe" to the login scripts and appending a
TXT file with a >> but I have run into 2 problems:
1. Exactly what commands after the "#cmd.exe" to use - I have run into
errors and am obviously missing something. I would really like to take Login
Script variables and redirect them into the results file but cannot figure
out the exact commands.
2. How to log "logout" events - I was thumbing through the posts and saw a
post "Logging logout time" that touched on the subject of using Workstation
mgmt, as Andy Thompson wrote, but no one got into the mechanics of it.
Lastly, would ANY of this work on the Mac OS9 and OSX machines? I tested the
Netware Mac client last year, and found it to work fine - but I never really
implemented it fully. It's obvious that I will have to now.
I'm mainly doing this to thwart an evil-programmer-consultant that (has been
with the company for 28 years (and is a complete ass)) who wants to put in
some client-installed program. I believe that this is not needed and want to
prove the old bastard wrong.
Join me in my quest to defeat the evil-programmer-consultant (who thinks he
knows "all tingz") and ALWAYS needles me with questions like "Why do we need
NetWare in here?"
-Rik
Andy Thompson (NSC Sysop)
> Hello all.
> I have been put in charge of a project that requires me to make and keep a
> running record of when users login and logoff.
Auditing would be your better option.
-andy
RikkiSixx
I dont want to audit everything that happens on the server.
Please take a minute and tell me the process of setting the servers to
auditing and if there are any tools to parse what the server puts into the
auditing logs.
Thanks for your time. I appreacate the help.
-Rik
"Andy Thompson (NSC Sysop)" <thom...@nscsysop.com> wrote in message
news:WDjOb.361$P5....@prv-forum2.provo.novell.com...
Andy Thompson (NSC Sysop)
> Please take a minute and tell me the process of setting the servers to
> auditing and if there are any tools to parse what the server puts into the
> auditing logs.
Documentation has most of the information you are after... also the
following (shamelessly copied from my good friend Anders ;)
-andy
Auditcon, Audit directory services,Audit directory tree
Highlight the O or OU and press F10, enable container auditing
Auditing configuration,Audit by DS events:
Log in user Ś on
Log out user Ś on
(f10 to toggle), Esc, save=yes
Audit options configuration:
+-----------------------------------------------------+
Ś Audit configuration Ś
Ś-----------------------------------------------------Ś
Ś Audit file maximum size: 1024000 Ś
Ś Audit file threshold size: 1023999 Ś
Ś Audit overflow file size: 102400 Ś
Ś Automatic audit file archiving: Yes Ś
Ś Days between audit archives (1-255): 7 Ś
Ś Hour of day to archive (0-23): 1 Ś
Ś Number of old audit files to keep (1-15): 2 Ś
Ś Allow concurrent auditor logins: No Ś
Ś Broadcast errors to all users: No Ś
Ś Ś
Ś Error recovery options for audit file full Ś
Ś Archive audit file: Yes Ś
Ś Disable audited events: No Ś
Ś Disable event recording: No Ś
Ś Minutes between warning messages: Ś
+-----------------------------------------------------+
Esc, save=y, esc
Have them log out/in...
Auditing reports,View audit file, no filter
Note that all auditing is done separately per O or ou!
**********************************************************************
WARNING! Read this even if you think you know what you are doing!!
If you turn on auditing for certain events, like login and then set
Archive audit file = NO and Disable audited events=YES you will
lock yourself out of your server. The same thing will happen if
you let your SYS volume run out of disk space.
Always set Archive audit file = YES and Disable audited events=NO!
**********************************************************************
File auditing (be careful!)
Auditcon
Change current volume to select desired volume
Auditing configuration
Audit options:
+-----------------------------------------------------+
Ś Audit configuration Ś
Ś-----------------------------------------------------Ś
Ś Audit file maximum size: 1024000 Ś
Ś Audit file threshold size: 1023999 Ś
Ś Audit overflow file size: 102400 Ś
Ś Automatic audit file archiving: Yes Ś
Ś Days between audit archives (1-255): 7 Ś
Ś Hour of day to archive (0-23): 0 Ś
Ś Number of old audit files to keep (1-15): 2 Ś
Ś Allow concurrent auditor logins: Yes Ś
Ś Broadcast errors to all users: No Ś
Ś Ś
Ś Error recovery options for audit file full Ś
Ś Archive audit file: Yes Ś
Ś Disable auditable events: No Ś
Ś Disable event recording: No Ś
Ś Minutes between warning messages: Ś
+-----------------------------------------------------+
Audit by event
Select what events to track
+----------------------------------------------------------------------
--------+
Ś Audit by file events
Ś
Ś----------------------------------------------------------------------
--------Ś
Ś ŚFile create - user or file Ś off
Ś
Ś ŚFile delete - global Ś off
Ś
Ś ŚFile delete - user and file Ś off
Ś
Ś ŚFile delete - user or file Ś off
Ś
Ś ŚFile open - global Ś off
Ś
Ś ŚFile open - user and file Ś on
Ś
Ś ŚFile open - user or file Ś off
Ś
Ś ŚFile purge Ś off
Ś
Ś ŚFile read - user and file Ś on
Ś
Ś ŚFile read - user or file Ś off
Ś
Audit by file/directory
Select what files/directories to track:
+------------------------------------------------------------+
Ś Audit by file/directory Ś
Ś------------------------------------------------------------Ś
Ś Ś.. (parent) Ś off Ś
Ś Ś\ (root) Ś Ś
Ś ŚDRIVERS (subdirectory) Ś off Ś
Ś ŚDUMP (subdirectory) Ś on Ś
Ś ŚHANDBOKH (subdirectory) Ś off Ś
Auditing reports
View audit file
+----------------------------------------------------------------------
--------
Ś AUDITCON 4.34 Friday 2001 March
30 9.57
Ś Server: SERVER1 Volume: VOL1 -- END
--
+----------------------------------------------------------------------
--------
-- 2001-3-30 --
09:48:04 Start volume audit file, event 80, SERVER1_VOL1.EMA.EMA_TREE
09:48:04 Active connection, event 58, address 00000101:00805FC394FF,
status 0,
user ADMIN, connection 10
09:52:00 Open file, event 27, (OS2)ALLMAN\Dump\Nytt Textdokument.txt,
rights R,
status 0, user ADMIN, connection 10
09:52:00 Read file, event 42, ADMIN, length 12, offset 0, status 0,
user ADMIN, connection 10
09:52:16 Open file, event 27, (OS2)ALLMAN\Dump\Nytt Textdokument.txt,
rights RWC, status 0, user ADMIN, connection 10
RikkiSixx
Thats excatly what I needed.
And pretty cool that it can be broken up by OU.
Thanks for the help.
-Rik
"Andy Thompson (NSC Sysop)" <thom...@nscsysop.com> wrote in message
news:HCnOb.434$P5....@prv-forum2.provo.novell.com...
RikkiSixx
I typed AUDITCON and i got an UNKNOWN COMMAND error.
Did I miss something?
-Rik
"Andy Thompson (NSC Sysop)" <thom...@nscsysop.com> wrote in message
news:HCnOb.434$P5....@prv-forum2.provo.novell.com...
RikkiSixx
Okay, okay...
I read the docs - its an exe.
duh.
thanks andy.
"Andy Thompson (NSC Sysop)" <thom...@nscsysop.com> wrote in message
news:HCnOb.434$P5....@prv-forum2.provo.novell.com...
Andy Thompson (NSC Sysop)
> **Rik smacks himself**
>
> Okay, okay...
> I read the docs - its an exe.
>
:) post back if you need anything else.
-andy