Administering AuditMaster : Editing the Server Description
Editing the Server Description
When a server is added for monitoring, its default name in the data tree uses the path name to the \Data folder in the AuditMaster home directory. If needed, you can assign a more meaningful name.
Note Data tree names have no effect on network names.
To edit a server description
1
In the data tree, right-click the server icon and select Edit Server Description.
The Edit Server Description dialog box appears.
2
Replace the string with new text. You may use spaces.
3
Click OK.
The server icon in the data tree has a new name.
Removing a Server
When you remove a server connection from an AuditMaster viewer client data tree, the client no longer has access to that server. However, auditing continues on the server, and existing audit records, users, and settings remain because the server is where they are stored. If you add the server connection again, everything that was present before is redisplayed in the data tree.
To remove a server
1
Click a server in the AuditMaster data tree and select Server Remove.
A dialog box prompts you to confirm the removal.
2
Select Yes to remove the server.
The server is removed from the data tree.
Removing the Network Share
AuditMaster under Microsoft Windows installs a hidden network share to enable remote client access for AuditMaster Viewer from other machines. If you would like to disable the network share for security reasons, you can replace it with an explicit local path name after AuditMaster installation. This replacement can be done only on the server where AuditMaster is installed, not from a remote client. No existing audit records are affected, but auditing must stop momentarily when you restart the event handler to complete the share removal process.
Note Removing the network share will prevent remote access by all AuditMaster Viewer clients to the AuditMaster system. Be sure that you want to remove it.
To replace the default network share with a local path name
1
On the machine where AuditMaster server is installed, open AuditMaster Viewer from the operating system Start menu or Start screen.
The Pervasive AuditMaster window appears, listing servers available for monitoring.
2
Right-click a server configuration to select Login. You may also double-click.
The AuditMaster Login dialog box appears.
3
Enter an AuditMaster administrative login name and password, and click OK.
Note The built-in user ID admin has the default password MASTER. Passwords are case-sensitive; user names are not. To change this password, see Changing Your User Password. For information on the relation of AuditMaster logins to database and OS logins, read under Displaying Audit Records under Pervasive PSQL Security.
4
Select Admin Server Settings.
The Server Settings dialog box appears. On the left, the AMMON path settings are at the top of the list and are already highlighted.
5
For each of the settings in the Value column on the right, double-click the path name and change
\\server\PVSWAUDIT$
to
drive:\Pervasive PSQL root directory\Audit
where server is the name of the machine on which Pervasive PSQL server and the AuditMaster event handler are installed and drive and Pervasive PSQL root directory are, respectively, the local drive letter and path name to the AuditMaster directory selected at installation time.
In this example, the result would resemble the following:
6
In the list of sections on the left, select Common Settings.
The dialog box displays the values on the right.
7
Double-click the value for the AuditMaster status log file and change it to
drive:\Pervasive PSQL root directory\Audit\amstatus.log
The result might resemble the following:
8
In the list of sections on the left, select TNBTMON Paths.
The dialog box displays the values on the right.
9
Double-click the value for each path name and change
\\server\PVSWAudit$
to
drive:\Pervasive PSQL root directory\Audit
The result might resemble the following:
10
After you have finished changing the values, click OK.
The system displays a prompt to restart the event handler.
11
Click OK.
Do not restart the event handler yet. You will do that later in this task. If needed, see Restarting the AuditMaster Event Handler.
12
Select Server Add.
The Locate 'amserver' on Your AuditMaster Server dialog box appears.
13
Using the new path value that you have been implementing, enter drive:\Pervasive PSQL root directory\Audit\DATA to navigate to the location of the file amserver, which contains all of the settings you have just changed.
The path name you enter might resemble the following:
14
Select the file amserver, and click Open.
Based on the new server settings you have entered, the new server appears.
15
Select the old server node with the network share in its name and then select Server Remove.
The system prompts you to confirm removal of the old server configuration.
16
Click Yes.
The server is removed from the list and the status field at the bottom of the main window indicates no server is active.
17
Exit from AuditMaster Viewer.
In order to remove the network share, AuditMaster and Pervasive PSQL services must not be running.
18
If Pervasive PSQL Control Center (PCC) is not running, start it from the operating system Start menu or Start screen.
19
In Pervasive PSQL Explorer, right-click the Services node and select Stop All Services.
20
In Windows Explorer, open the folder drive:\Pervasive PSQL root directory.
The shared folder Audit appears in the list of files.
21
Right-click the shared folder icon and select Properties.
The Properties window appears.
22
Select the Sharing tab.
The Sharing pane comes to the front.
23
Select Do not share this folder, and click OK.
The share is deleted and the Properties window closes.
24
In Pervasive PSQL Explorer, right-click the Services node and select Start All Services.
25
After the services have restarted, verify that AuditMaster is working properly without a network share by opening the viewer to log in. Open AuditMaster Viewer from the operating system Start menu or Start screen.
The Pervasive AuditMaster window appears, showing the available server.
26
Right-click the configuration to select Login. You may also double-click.
The AuditMaster Login dialog box appears.
27
Enter an AuditMaster administrative user name and password, and click OK.
Note The built-in user ID admin has the default password MASTER. Passwords are case-sensitive; user names are not. To change this password, see Changing Your User Password. For information on the relation of AuditMaster logins to database and OS logins, read under Displaying Audit Records under Pervasive PSQL Security.
The new AuditMaster server is now ready to operate without a network share. Other server settings are unchanged and previously captured audit records captured remain in the system. Only the means of the viewer client connection has changed.
Reviewing System Activity in the Status Log
AuditMaster Status Log Viewer displays the activity logging that the system performs on itself. It provides a list of status messages and internal errors generated by AuditMaster operations. In a development environment, it also can be configured to capture messages for debugging purposes.
To view, filter, and sort status log records
1
Open Status Log Viewer by doing one of the following:
w
In AuditMaster Viewer, select Admin then View Status Log.
w
Access the Status Log from operating system Start menu or Apps screen, or from the installation location (the default is C:\<installation directory>\Audit\Data). This method is especially useful if the viewer is not responding because of a system problem, such as disk full.
The Status Log Viewer window displays several types of messages. Normally, these are all status messages to provide information on current system operation.
2
If needed, set filter options to display only the status records you want. The Clear Fields button allows you to start over on most fields. The filtering options are given in the following list:
w
To filter the log by the type of message, select the type of message from the Message Type list.
w
You may choose to view debug and error messages, which can be helpful in troubleshooting any unexpected behavior in AuditMaster.
w
To filter by the Module Name, enter the name of the module.
w
To filter by the source file, enter the name of the source file.
w
You can look at specific lines of the source file by entering the line numbers in the fields provided.
w
To filter by specific dates, select dates from the Earliest and Latest lists.
w
To filter by searching for message content, enter a text string and select checkboxes for matching exact text or case.
For example, the text string archiv will display only status records related to AuditMaster archived files.
Selecting for exact text requires that the Message Content field contain the entire text string for the search. If you are searching for partial text strings, leave this checkbox cleared.
3
When you are finished setting filter options, click Refresh.
The viewer refreshes with only records you wish to see.
4
You also may sort status log records by selecting column headers on which to sort.
For example, use the SHIFT key to select both the Date and Time columns to order the records chronologically.
5
After selecting columns on which to sort, click Refresh.
The viewer refreshes by sorting the records displayed.
Maintaining Users
As part of AuditMaster security, only trusted personnel are allowed access to the AuditMaster system. As administrator, you must define user names and provide a password for each user. You must also decide whether each user shall also have your same administrator privileges.
This section covers tasks done in the User Maintenance window.
n
To add a user
n
To remove a user
To add a user
1
Select Admin User Maintenance.
The User Maintenance window appears.
2
Enter a user name and password. Passwords are case-sensitive, user names are not.
3
Click Create User.
4
You are asked whether this user is to have AuditMaster administrator privileges. Click Yes or No as appropriate.
The new user appears in the list of current users.
To remove a user
1
Select Admin User Maintenance.
The User Maintenance window appears.
2
Select a user in the Delete User list.
3
Click Delete User.
4
You are asked to confirm the deletion. Click OK.
The user is removed from the list.
Setting the Audit Filter
The trusted list restricts auditing by stopping capture of audit records of low value, such as monitoring of system or batch processes that represent no direct access by human users.
Once a name is listed as trusted, the system ignores it globally and logs no activity for that name for any audit configuration.
To add a name to the trusted list
1
Select the Admin Audit Filter Trusted List command.
The Trusted List window appears.
2
In the User Name field, enter a text string as it would appear in the User Name column of the audit record grid. The string you enter is not case-sensitive (i.e., SYSTEM, System, and system are the same).
The Add button becomes active.
3
Click the Add button.
The name you entered moves to the Users list.
4
Click Close.
5
To activate the new trusted list, you must restart the event handler. See Restarting the AuditMaster Event Handler.
To delete a name from the Trusted List
1
Select the Admin Audit Filter Trusted List command.
The Trusted List window appears.
2
In the Users field, select one or more names to delete. You may use shift-click and control-click for your selection.
The Delete button becomes active.
3
Click the Delete button.
Your selections are removed from the trusted list.
4
Click Close.
5
To activate the new trusted list, you must restart the event handler. See Restarting the AuditMaster Event Handler.
Maintaining Server Settings
The Server Settings window displays AuditMaster system settings. It is available using the Admin Server Settings command.
The window offers the following sections of system settings:
n
Ammon Paths
n
Ammon Settings
n
Automated Archiving
n
Common Settings
n
Errors to Audit
n
Operations to Audit
n
TNBTMON Paths
Some of the settings in these sections can be changed; however, in most cases it is best to leave the defaults, with the possible exception of the following options:
n
Automated Archiving
n
Archives to Keep
n
Archive Disk Limit
n
Errors to Audit
n
Operations to Audit Globally
After a change is made, except for automated archiving, the event handler must restart to activate the new setting. If needed, see Restarting the AuditMaster Event Handler.
Automated Archiving
The Automated Archiving section offers options for configuring the audit record archiving.
By default, AuditMaster automatically moves audit records to an archived file when audit records in the log file reach 75 MB. However, in the Automated Archiving section of Server Settings, you can change this default size, choose to archive by date, or a combination of the two.
If you select the checkboxs for both By Date and Time and By Size Threshold, then whichever condition occurs first will prompt the system to create an archived file and reset the log file to empty.
If you clear the By Size Threshold setting and choose only By Date and Time, the system still uses a 2 GB size threshold. If the date and time you select has not occurred and the log file size reaches 2 GB, the system will automatically archive, then when the date and time arrive, it will archive again.