The tables below review the events that Novell Audit can log for the eDirectory Instrumentation. The events are organized according to the categories listed in the NCP Server object’s Novell® Audit > eDirectory page:
You do not need to restart the logging server to activate your changes in the eDirectory page.
The Global category does not list events, but instead contains settings for eDirectory events. The following table lists Global settings specific to eDirectory events.
Attribute |
Description |
---|---|
Do Not Send Replicated Events |
Prevents logging duplicate entries for eDirectory events in a replica ring. You might consider enabling this option to reduce the potential log size. To log non-replicated events (such as logins), nauditDS must be installed on each server where you want to log non-replicated events.
|
Register For Events Inline |
Requires eDirectory events to be sent to the Secure Logging Server before eDirectory completes the transaction.
This option doesn’t apply to the following three events:
NOTE: Enabling this option might slow the performance of the connection between the Secure Logging Server and eDirectory.
|
Property Label |
Description |
EventID |
---|---|---|
ACL Changed
|
An object’s ACL attributes have been modified.
|
000B0354 |
Add Group Member
|
A member has been added to a Group object.
|
000B0336 |
Delete Group Member
|
A member has been deleted from a Group object.
|
000B0337 |
Intruder Detected
|
A user has attempted to login multiple times with an incorrect password and the account has been locked.
|
000B0357 |
Login Disabled |
A user’s account login has been disabled.
|
000B0356
|
Login Enabled |
A user’s account login has been enabled.
|
000B0355
|
Login Failed |
A user’s login attempt failed.
|
000B0358
|
Property Label |
Description |
EventID |
---|---|---|
Allow Login |
A user has been allowed to log in.
|
000B0351
|
Add Property |
An attribute (property) has been added to an object.
|
000B0334
|
Backlink Operator |
A backlink operation has changed an object's console operator privileges.
|
000B020B |
Backlink SEV |
A backlink operation has updated an
object's Security Equivalence Vector. |
000B020A |
Backup |
An entry has been backed up.
|
000B030F
|
Change Password |
A user's password has changed.
|
000B0302
|
Change Security Equals |
An object's Security Equals attribute has been changed.
|
000B0341
|
Check Console Operator |
An object has been checked for Console Operator rights.
|
000B032B
|
Create |
A new eDirectory object has been created. |
000B0001 |
Create Backlink |
A backlink has been created.
|
000B032A
|
Delete |
An existing eDirectory object has been deleted. |
000B0002 |
Delete Property |
An attribute (property) has been removed from an object.
|
000B0335
|
Delete Subtree |
A container and its subordinate objects have been deleted.
|
000B020C |
DSA Read |
The Directory System Agent (DSA) has been read. The DSA is an
LDAP object which provides clients information about the protocol versions
supported, any controls and extensions supported, and information on other LDAP
services.
|
000B0230 |
DSStream |
A stream attribute has been opened or closed.
|
000B0319
|
List Containable Classes |
A List Containable Classes operation has been performed on an entry.
|
000B031B
|
List Subordinates |
A List Subordinate Entries operation has been performed on a container object.
|
000B031A
|
Login |
A user has logged in.
|
000B0301
|
Logout |
A user has logged out.
|
000B0303
|
Modify RDN |
A rename operation has been performed.
|
000B0349
|
Move (Destination) |
This event specifies the deletion of a eDirectory object from its original location in the Directory tree.
|
000B0005 |
Move (Source) |
This event specifies the placement of an eDirectory object into its new location in the Directory tree.
This is the first of two events reported for a move operation. The second is DSMoveSourceEntry.
This also generates DSAddValue (?DSAttribute) events for all of the values associated with the object.
|
000B0004 |
Move (Subtree) |
A container and its subordinate objects have been moved.
|
000B0207 |
Move Tree (End) |
A Move Subtree operation has finished.
|
000B0220 |
Move Tree (Start) |
A Move Subtree operation has started.
|
000B021F |
Mutate Entry |
A Mutate Entry operation has been performed on an entry. A mutate
occurs when an object's class is changed to a different class.
|
000B031E
|
Name Collision |
A name collision (two entries with the same name) has occurred.
|
000B0227
|
Read Attribute |
An entry's attributes have been read.
|
000B0323
|
Read Object Info |
A Read Object Info operation has been performed on an object.
|
000B033A
|
Read References |
The references on a given object have been read.
|
000B0324
|
Remove |
An entry has been removed from a container.
|
000B0309
|
Remove Assoc. |
A file directory associated with an entry has been removed.
|
000B0317
|
Remove Backlink |
A backlink has been removed.
|
000B033E
|
Rename |
An existing eDirectory object has been renamed.
|
000B0003 |
Restore |
An entry has been restored.
|
000B0310
|
Search |
A Search operation has been performed.
|
000B033C
|
Verify Password |
A password has been verified.
|
000B030E
|
Property Label |
Description |
EventID |
---|---|---|
Add Entry |
An entry has been added beneath a container.
|
000B0343 |
Add Value |
A value has been added to an object attribute.
|
000B0006 |
Compare Attribute Value |
A Compare operation has been performed on an attribute.
|
000B0318 |
Delete Attribute |
An attribute has been deleted from an object. This generates DSDeleteValue events for values associated with the attribute. The DSDeleteValue events occur after the DSDeleteAttribute event.
|
000B0009 |
Delete Value |
A value has been deleted from an object attribute.
|
000B0007s |
Modify Object |
An attribute has been modified on an object.
|
000B0344 |
Property Label |
Description |
EventID |
---|---|---|
Define Attribute |
The eDirectory schema has been extended; that is, a new object type has been added to the schema or a new attribute has been added to an existing object.
|
000B0311 |
Define Class |
A class definition has been added to the schema.
|
000B0314 |
End Update Schema |
An End Update Schema operation has been performed.
|
000B0331 |
Modify Class |
A class definition has been modified.
|
000B0315 |
New Schema Epoch |
A new schema epoch has been declared.
|
000B0348 |
Remove Attribute |
An attribute definition has been removed from the schema.
|
000B0312 |
Remove Class |
A class definition has been removed from the schema.
|
000B0313 |
Schema Synchronized |
The schema has been synchronized.
|
000B0329 |
Start Update Schema |
A Start Update Schema operation has been performed.
|
000B0330 |
Synchronized Schema |
The schema has been synchronized.
|
000B0226 |
Update Attribute Definition |
A schema attribute definition has been updated.
|
000B0212 |
Update Class Definition |
A schema class definition has been updated.
|
000B0211 |
Update Schema |
An Update Schema operation has been performed.
|
000B032F |
Property Label |
Description |
EventID |
---|---|---|
NCP Retry Expended |
The number of retries for an NCP® request has been expended.
|
000B0013s |
Remote Connection Cleared |
A remote connection has been cleared.
|
000B0010 |
Remote Server |
One server has a referral to another server and the other server is down.
|
000B000F |
Property Label |
Description |
EventID |
---|---|---|
Connection State Changed |
The connection state has changed.
|
000B0347 |
CRC Failure |
A CRC failure occurred when fragmented NCP requests were reconstructed.
|
000B0342 |
Create Namebase |
The Directory namebase has been created.
|
000B0340 |
DS Counters Reset |
The internal eDirectory counters have been reset.
|
000B0316 |
DS Reloaded |
eDirectory has been reloaded.
This is a statistical counter. It is tracked only if eDirectory is configured to track statistics.
|
000B0333 |
DSA Bad Verb |
A third-party application that interfaces with eDirectory referenced an API number that is not defined in the Netware Core Protocol (NCP).
|
000B0204 |
End Namebase Transaction |
An End Namebase Transaction debug message has been sent.
|
000B0350 |
Local Agent Closed |
The local Directory agent has been closed.
|
000B0202 |
Local Agent Opened |
The local Directory agent has been opened.
|
000B0201 |
Module State |
The eDirectory module's state has changed.
|
000B0014 |
NLM Loaded |
An NLM has been loaded.
|
000B0228 |
Property Label |
Description |
EventID |
---|---|---|
Check SEV |
The Security Equivalence Vector has been checked.
|
000B0011 |
Close Stream |
A Stream attribute has been closed.
|
000B0008 |
Delete Unused External Reference |
An unused external reference has been deleted.
|
000B000D |
Generated CA Keys |
Certificate of Authority keys have been generated.
|
000B0222 |
Recertified Public |
An entry's public key has been certified.
|
000B0221 |
Update SEV |
The Security Equivalence Vector has been updated.
|
000B0012 |
Property Label |
Description |
EventID |
---|---|---|
Change Object Security |
A bindery object's security has been changed.
|
000B0339 |
Change Property Security |
Security for a bindery object's property has been changed.
|
000B0338 |
Close Bindery |
The Bindery has been closed.
|
000B0346 |
Create Bindery Object |
A bindery object has been created.
|
000B000B |
Delete Bindery Object |
A bindery object has been deleted.
|
000B000C |
Error Via Bindery |
An error was returned via the Bindery.
|
000B0203 |
Open Bindery |
The Bindery has been opened.
|
000B0345 |
Set Bindery Context |
The bindery context has been set on the server.
|
000B000A |
Property Label |
Description |
EventID |
Added Replica |
A replica of a partition has been added to a server.
|
000B0304 |
Changed Replica |
A partition replica's type has been changed; for example, from a read/write replica to a read-only replica.
|
000B0308 |
End Update Replica |
An End Update Replica operation has been performed on a partition replica.
|
000B0327 |
EntryIDs Swapped |
A Swap Entry ID operation has been performed.
|
000B034E |
FlatCleaner End |
A Flatcleaner operation has completed.
|
000B0217 |
Inbound Sync End |
Inbound synchronization has finished.
|
000B0209 |
Inspected Entry |
An Inspect Entry operation has been performed on an entry.
|
000B031C |
Limber Done |
A Limber operation has completed.
|
000B0219 |
Lost Entry |
eDirectory has encountered a lost entry. A lost entry is an entry for which updates are being received, but no entry exists on the local server.
This event exists mainly for debugging.
|
000B0213 |
Merged Entries |
Two entries have been merged.
|
000B031F |
No Replica Pointer |
A replica exists that has no replica pointer associated with it.
|
000B0208 |
One Replica |
A partition has been encountered that has only one replica. Novell® recommends that each partition have at least three replicas for greater fault-tolerance.
This is a statistical counter. It is tracked only if eDirectory is configured to track statistics.
|
000B0218 |
Outbound Sync (Server) End |
Outbound synchronization from a particular server has finished.
|
000B021C |
Outbound Sync (Server) Start |
Outbound synchronization has begun from a particular server.
|
000B021B |
Partition State
|
A partition state change has been requested.
|
000B020F |
Purge End |
A purge operation has ended.
|
000B0216 |
Purge Entry Failed |
A purge operation on an entry has failed.
|
000B0214 |
Purge Start |
A purge operation has started.
|
000B0215 |
Received Replica Updates |
A replica has received an update during synchronization.
|
000B030B |
Removed Replica |
A replica of a partition has been removed from a server.
|
000B0305 |
Repaired |
A replica's time stamps have been repaired by the DSREPAIR utility.
|
000B030C |
Resent Entry |
A Resend Entry operation has been performed on an entry.
|
000B031D |
Sent Replica |
A replica has sent an update during synchronization.
|
000B030D |
Set New Master |
A partition was designated as the new master replica.
|
000B020D |
Start Update Replica |
A Start Update Replica operation has been performed on a partition replica.
|
000B0326 |
Updated Replica |
An Update Replica operation has been performed on a partition replica.
|
000B0325 |
Property Label |
Description |
EventID |
Abort Join |
A Join operation has been aborted.
|
000B032E |
Abort Partition Operation
|
A partition operation, such as a split, join or move, has been aborted.
|
000B030A |
Backlink Procedure Done
|
A backlink process has completed.
|
000B022C |
Change Tree Name |
The tree name has been changed.
|
000B032C |
Create Subref |
A subordinate reference has been created. A subordinate reference occurs when the server being queried does not contain a copy of the object being referenced. In order to get information about that object, the server being queried must refer to another server that contains a copy of that object.
|
000B0321 |
Join Done |
A Join Partitions operation has successfully completed.
|
000B0223 |
Join Partitions |
A parent partition has been joined with a child partition.
|
000B0307 |
Limber Done |
A Limber operation has completed.
|
000B022B |
List Partitions |
A List Partitions operation has been performed.
|
000B0322 |
Low Level Join |
A low-level join has been performed. This event occurs frequently in a multi-server tree.
|
000B033F |
Low Level Split |
A low-level partition split has been performed.
|
000B034F |
Merge Trees |
Two eDirectory trees have been merged.
|
000B0320 |
Move Tree |
A Move Tree operation has been performed.
|
000B0332 |
Orphaned Partition |
An orphan partition operation has been performed. This operation has four variations: Create, Remove, Link, and Unlink.
|
000B034A |
Partition Locked |
A partition has been locked.
|
000B0224 |
Partition State Changed |
A partition's state has changed.
|
000B033D |
Partition Unlocked |
A partition has been unlocked.
|
000B0225 |
Referral Created |
A referral has been created.
|
000B0210 |
Server Address Changed
|
A server's address has changed.
|
000B022F |
Server Renamed |
A server has been renamed using iManager, ConsoleOne or NWAdmin.
|
000B022D |
Split Done |
A Split Partition operation has completed.
|
000B021A |
Split Partition |
A partition has been split using iManager, ConsoleOne or NWAdmin.
|
000B0306 |
Start Join |
A Start Join operation has been performed.
|
000B032D |
Sync Partition |
A Synchronize Partition operation has been performed on a partition replica.
|
000B0328 |
Sync Partition End |
Synchronization of a partition has finished.
|
000B021E |
Sync Partition Start |
Synchronization of a partition has begun.
|
000B021D |
Synthetic Time |
Synthetic time has been invoked synchronize eDirectory servers.
|
000B022E |
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.