Help banner

Server Object - eDirectory Instrumentation Settings

The tables below review the events that Novell Audit can log for the eDirectory™ Instrumentation. The events are organized according to the categories listed in the NCP Server object’s Novell® Audit > eDirectory page:

You do not need to restart the logging server to activate your changes in the eDirectory page.

Global Settings

The Global category does not list events, but instead contains settings for eDirectory events. The following table lists Global settings specific to eDirectory events.

Attribute

Description

Do Not Send Replicated Events

Prevents logging duplicate entries for eDirectory events in a replica ring. You might consider enabling this option to reduce the potential log size. To log non-replicated events (such as logins), nauditDS must be installed on each server where you want to log non-replicated events.

 

Register For Events Inline

Requires eDirectory events to be sent to the Secure Logging Server before eDirectory completes the transaction.

 

This option doesn’t apply to the following three events:

  • DSA Read

  • List Subordinates

  • Read Attribute

NOTE: Enabling this option might slow the performance of the connection between the Secure Logging Server and eDirectory.

 

Meta Events

Property Label

Description

EventID

ACL Changed

 

An object’s ACL attributes have been modified.

 

000B0354

Add Group Member

 

A member has been added to a Group object.

 

000B0336

Delete Group Member

 

A member has been deleted from a Group object.

 

000B0337

Intruder Detected

 

A user has attempted to login multiple times with an incorrect password and the account has been locked.

 

000B0357

Login Disabled

A user’s account login has been disabled.

 

000B0356

 

Login Enabled

A user’s account login has been enabled.

 

000B0355

 

Login Failed

A user’s login attempt failed.

 

000B0358

 

Object Events

Property Label

Description

EventID

Allow Login

A user has been allowed to log in.

 

000B0351

 

Add Property

An attribute (property) has been added to an object.

 

000B0334

 

Backlink Operator

A backlink operation has changed an object's console operator privileges.

 

000B020B

Backlink SEV

A backlink operation has updated an object's Security Equivalence Vector.
 

000B020A

Backup

An entry has been backed up.

 

000B030F

 

Change Password

A user's password has changed.

 

000B0302

 

Change Security Equals

An object's Security Equals attribute has been changed.

 

000B0341

 

Check Console Operator

An object has been checked for Console Operator rights.

 

000B032B

 

Create

A new eDirectory object has been created.
 

000B0001

Create Backlink

A backlink has been created.

 

000B032A

 

Delete

An existing eDirectory object has been deleted.
 

000B0002

Delete Property

An attribute (property) has been removed from an object.

 

000B0335

 

Delete Subtree

A container and its subordinate objects have been deleted.

 

000B020C

DSA Read

The Directory System Agent (DSA) has been read. The DSA is an LDAP object which provides clients information about the protocol versions supported, any controls and extensions supported, and information on other LDAP services.

 

000B0230

DSStream

A stream attribute has been opened or closed.

 

000B0319

 

List Containable Classes

A List Containable Classes operation has been performed on an entry.

 

000B031B

 

List Subordinates

A List Subordinate Entries operation has been performed on a container object.

 

000B031A

 

Login

A user has logged in.

 

000B0301

 

Logout

A user has logged out.

 

000B0303

 

Modify RDN

A rename operation has been performed.

 

000B0349

 

Move (Destination)

This event specifies the deletion of a eDirectory object from its original location in the Directory tree.


(This is the second of two events reported for a move operation. The first is DSMoveDestEntry.)

 

000B0005

Move (Source)

This event specifies the placement of an eDirectory object into its new location in the Directory tree.

 

This is the first of two events reported for a move operation. The second is DSMoveSourceEntry.

 

This also generates DSAddValue (?DSAttribute) events for all of the values associated with the object.

 

000B0004

Move (Subtree)

A container and its subordinate objects have been moved.

 

000B0207

Move Tree (End)

A Move Subtree operation has finished.

 

000B0220

Move Tree (Start)

A Move Subtree operation has started.

 

000B021F

Mutate Entry

A Mutate Entry operation has been performed on an entry. A mutate occurs when an object's class is changed to a different class.

 

000B031E

 

Name Collision

A name collision (two entries with the same name) has occurred.

 

000B0227

 

Read Attribute

An entry's attributes have been read.

 

000B0323

 

Read Object Info

A Read Object Info operation has been performed on an object.

 

000B033A

 

Read References

The references on a given object have been read.

 

000B0324

 

Remove

An entry has been removed from a container.

 

000B0309

 

Remove Assoc.
Directory

A file directory associated with an entry has been removed.

 

000B0317

 

Remove Backlink

A backlink has been removed.

 

000B033E

 

Rename

An existing eDirectory object has been renamed.

 

000B0003

Restore

An entry has been restored.

 

000B0310

 

Search

A Search operation has been performed.

 

000B033C

 

Verify Password

A password has been verified.

 

000B030E

 

Attribute Events

Property Label

Description

EventID

Add Entry

An entry has been added beneath a container.

 

000B0343

Add Value

A value has been added to an object attribute.

 

000B0006

Compare Attribute Value

A Compare operation has been performed on an attribute.

 

000B0318

Delete Attribute

An attribute has been deleted from an object. This generates DSDeleteValue events for values associated with the attribute. The DSDeleteValue events occur after the DSDeleteAttribute event.

 

000B0009

Delete Value

A value has been deleted from an object attribute.

 

000B0007s

Modify Object

An attribute has been modified on an object.

 

000B0344

Schema Events

Property Label

Description

EventID

Define Attribute

The eDirectory schema has been extended; that is, a new object type has been added to the schema or a new attribute has been added to an existing object.

 

000B0311

Define Class

A class definition has been added to the schema.

 

000B0314

End Update Schema

An End Update Schema operation has been performed.

 

000B0331

Modify Class

A class definition has been modified.

 

000B0315

New Schema Epoch

A new schema epoch has been declared.

 

000B0348

Remove Attribute

An attribute definition has been removed from the schema.

 

000B0312

Remove Class

A class definition has been removed from the schema.

 

000B0313

Schema Synchronized

The schema has been synchronized.

 

000B0329

Start Update Schema

A Start Update Schema operation has been performed.

 

000B0330

Synchronized Schema

The schema has been synchronized.

 

000B0226

Update Attribute Definition

A schema attribute definition has been updated.

 

000B0212

Update Class Definition

A schema class definition has been updated.

 

000B0211

Update Schema

An Update Schema operation has been performed.

 

000B032F

Connection Events

Property Label

Description

EventID

NCP Retry Expended

The number of retries for an NCP® request has been expended.

 

000B0013s

Remote Connection Cleared

A remote connection has been cleared.

 

000B0010

Remote Server
Down

One server has a referral to another server and the other server is down.

 

000B000F

Agent Events

Property Label

Description

EventID

Connection State Changed

The connection state has changed.

 

 

000B0347

CRC Failure

A CRC failure occurred when fragmented NCP requests were reconstructed.

 

000B0342

Create Namebase

The Directory namebase has been created.

 

000B0340

DS Counters Reset

The internal eDirectory counters have been reset.

 

000B0316

DS Reloaded

eDirectory has been reloaded.

 

This is a statistical counter. It is tracked only if eDirectory is configured to track statistics.

 

000B0333

DSA Bad Verb

A third-party application that interfaces with eDirectory referenced an API number that is not defined in the Netware Core Protocol™ (NCP).

 

000B0204

End Namebase Transaction

An End Namebase Transaction debug message has been sent.

 

000B0350

Local Agent Closed

The local Directory agent has been closed.

 

000B0202

Local Agent Opened

The local Directory agent has been opened.

 

000B0201

Module State
Changed

The eDirectory module's state has changed.

 

 

000B0014
000B0015

NLM Loaded

An NLM™ has been loaded.

 

000B0228

Miscellaneous Events

Property Label

Description

EventID

Check SEV

The Security Equivalence Vector has been checked.

 

000B0011

Close Stream

A Stream attribute has been closed.

 

000B0008

Delete Unused External Reference

An unused external reference has been deleted.

 

000B000D

Generated CA Keys

Certificate of Authority keys have been generated.

 

000B0222

Recertified Public
Key

An entry's public key has been certified.

 

000B0221

Update SEV

The Security Equivalence Vector has been updated.

 

000B0012

Bindery Events

Property Label

Description

EventID

Change Object Security

A bindery object's security has been changed.

 

000B0339

Change Property Security

Security for a bindery object's property has been changed.

 

000B0338

Close Bindery

The Bindery has been closed.

 

000B0346

Create Bindery Object

A bindery object has been created.

 

000B000B

Delete Bindery Object

A bindery object has been deleted.

 

000B000C

Error Via Bindery

An error was returned via the Bindery.

 

000B0203

Open Bindery

The Bindery has been opened.

 

000B0345

Set Bindery Context

The bindery context has been set on the server.

 

000B000A

Replica Events

Property Label

Description

EventID

Added Replica

A replica of a partition has been added to a server.

 

000B0304

Changed Replica
Type

A partition replica's type has been changed; for example, from a read/write replica to a read-only replica.

 

000B0308

End Update Replica

An End Update Replica operation has been performed on a partition replica.

 

000B0327

EntryIDs Swapped

A Swap Entry ID operation has been performed.

 

000B034E

FlatCleaner End

A Flatcleaner operation has completed.

 

000B0217

Inbound Sync End

Inbound synchronization has finished.

 

000B0209

Inspected Entry

An Inspect Entry operation has been performed on an entry.

 

000B031C

Limber Done

A Limber operation has completed.

 

000B0219

Lost Entry

eDirectory has encountered a lost entry. A lost entry is an entry for which updates are being received, but no entry exists on the local server.

 

This event exists mainly for debugging.

 

000B0213

Merged Entries

Two entries have been merged.

 

000B031F

No Replica Pointer

A replica exists that has no replica pointer associated with it.

 

000B0208

One Replica

A partition has been encountered that has only one replica. Novell® recommends that each partition have at least three replicas for greater fault-tolerance.

 

This is a statistical counter. It is tracked only if eDirectory is configured to track statistics.

 

000B0218

Outbound Sync (Server) End

Outbound synchronization from a particular server has finished.

 

000B021C

Outbound Sync (Server) Start

Outbound synchronization has begun from a particular server.

 

000B021B

Partition State
Change Request

 

A partition state change has been requested.

 

000B020F

Purge End

A purge operation has ended.

 

000B0216

Purge Entry Failed

A purge operation on an entry has failed.

 

000B0214

Purge Start

A purge operation has started.

 

000B0215

Received Replica Updates

A replica has received an update during synchronization.

 

000B030B

Removed Replica

A replica of a partition has been removed from a server.

 

000B0305

Repaired
Timestamps

A replica's time stamps have been repaired by the DSREPAIR utility.

 

000B030C

Resent Entry

A Resend Entry operation has been performed on an entry.

 

000B031D

Sent Replica
Updates

A replica has sent an update during synchronization.

 

000B030D

Set New Master

A partition was designated as the new master replica.

 

000B020D

Start Update Replica

A Start Update Replica operation has been performed on a partition replica.

 

000B0326

Updated Replica

An Update Replica operation has been performed on a partition replica.

 

000B0325

Partition Events

Property Label

Description

EventID

Abort Join

A Join operation has been aborted.

 

000B032E

Abort Partition Operation

 

A partition operation, such as a split, join or move, has been aborted.

 

000B030A

Backlink Procedure Done

 

A backlink process has completed.

 

000B022C

Change Tree Name

The tree name has been changed.

 

000B032C

Create Subref

A subordinate reference has been created. A subordinate reference occurs when the server being queried does not contain a copy of the object being referenced. In order to get information about that object, the server being queried must refer to another server that contains a copy of that object.


This is like going to a library to check out a book only to find out the library does not have the book you want. In order to get a copy of the book the librarian uses the library loan program to get the book from a different library that does have a copy. In this case the library you went to does not have a copy but it does know where to find it.

 

000B0321

Join Done

A Join Partitions operation has successfully completed.

 

000B0223

Join Partitions

A parent partition has been joined with a child partition.

 

000B0307

Limber Done

A Limber operation has completed.

 

000B022B

List Partitions

A List Partitions operation has been performed.

 

000B0322

Low Level Join

A low-level join has been performed. This event occurs frequently in a multi-server tree.

 

000B033F

Low Level Split

A low-level partition split has been performed.

 

000B034F

Merge Trees

Two eDirectory trees have been merged.

 

000B0320

Move Tree

A Move Tree operation has been performed.

 

000B0332

Orphaned Partition

An orphan partition operation has been performed. This operation has four variations: Create, Remove, Link, and Unlink.

 

000B034A
000B034B
000B034C
000B034D

Partition Locked

A partition has been locked.

 

000B0224

Partition State Changed

A partition's state has changed.

 

000B033D

Partition Unlocked

A partition has been unlocked.

 

000B0225

Referral Created

A referral has been created.

 

000B0210

Server Address Changed

 

A server's address has changed.

 

000B022F

Server Renamed

A server has been renamed using iManager, ConsoleOne or NWAdmin.

 

000B022D

Split Done

A Split Partition operation has completed.

 

000B021A

Split Partition

A partition has been split using iManager, ConsoleOne or NWAdmin.

 

000B0306

Start Join

A Start Join operation has been performed.

 

000B032D

Sync Partition

A Synchronize Partition operation has been performed on a partition replica.

 

000B0328

Sync Partition End

Synchronization of a partition has finished.

 

000B021E

Sync Partition Start

Synchronization of a partition has begun.

 

000B021D

Synthetic Time
Issued

Synthetic time has been invoked synchronize eDirectory servers.

 

000B022E

Related Topics

eDirectory Instrumentation

Filesystem Events

NetWare® Events

Novell Audit Help

A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.

Close