The Novell® Audit Windows* instrumentation runs as a service on Windows 2000, XP, and 2003. The Novell Audit Windows instrumentation collects events from the Event Viewer and sends them to the Secure Logging Server for processing by Novell Audit.
To record log file events in the Novell Audit database, the events in the Event Viewer also need to be turned on in the Windows Application object for the Secure Logging Server. For more information about turning on the events in the Secure Logging Server, see Logging Application Events.
After the instrumentation is installed on the Secure Logging Server, you need to confirm that the Windows Event Viewer is logging all the events that you want logged. The Windows and Active Directory* auditing configuration is located in Windows' Control Panel > Administrative Tools.
If the computer is local, you use Local Security Policy.
If the computer is part of a domain, you use Domain Controllers Security Policy. To configure auditing for a domain, you must be on a domain controller. You must first use the Domain Controllers Security Policy administrative tool to enable auditing, and then the appropriate Active Directory administrative tools can be used, as described below.
For a Windows machine with Active Directory installed on it, audit policy can be configured at the following levels:
Local: Use the Local Security Policy administrative tool.
If the machine only has Windows installed on it, this is the only option for configuring the audit policy.
Organizational Unit: Use the Active Directory Users and Computers administrative tool.
Domain: Use the Active Directory Sites and Services administrative tool.
For a Windows machine without Active Directory, you configure audit policy at the Local level. Audit policy is applied in the same order as group policy, which is listed in the Group Priority dialog box of the System Policy Editor. If there is a policy conflict, the most recently applied policy overrides a previously applied policy.
A trademark symbol (®, , etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.