You can log events through Windows event log and view the events by using Event Viewer. In NetIQ SecureLogin, logging of windows event messages are enabled by default. If you require to send the events through Syslog, use one of the following options:
Forward to Syslog Server: Selecting this option allows only a single connection from a SecureLogin client to Syslog server and caches the events in EventLog. For example, on a citrix or a terminal server, where users are allowed to access a single service there will be a single connection to Syslog and all the events get cached to EventLog. This option is disabled by default.
Syslog Server: Selecting this option connects each SecureLogin client to Syslog server and the events gets cached only for an active SecureLogin session. This option is disabled by default.
SecureLogin provides a facility to disable logging of Windows event messages during installation. Using this option administrators can decide if workstation event messages should be logged for each workstation.
To disable logging of Windows event messages, perform the following:
Launch NetIQ SecureLogin installation wizard. Review and accept the license agreement.
Select the datastore.
In the Custom Setup screen, traverse to the Auditing menu option. Windows EventLog is enabled by default. Deselect the option to stop logging of windows event logs to the workstation.
NOTE:If you have disabled logging of Windows event messages using the Installation Wizard, you must run the installation wizard once again if you want to enable it.
Installing SecureLogin with the Windows EventLog option enabled, updates the registry and creates a registry entry named EnableWindowsEventLog. The details of this registry are as following:
|
Purpose |
Enable/Disable sending audit events to windows event logger |
|
Location |
HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin |
|
Type |
REG_DWORD |
|
Value |
1 - Enable 0 - Disable (Default)o |
This setting when used in conjunction with the Enable logging to Windows Event log preference helps to log Windows event messages for a specific user.
NOTE:SecureLogin preferences can be managed using administrative utilities like iManager or Slmanager. To ensure that the administrative utilities are installed, ensure that you select the Directory Administration Tools option while installing SecureLogin.
Launch Administrative Utility.
Click Preferences > Auditing. The Enable logging to Windows EventLog option is enabled by default. To disable logging, deselect this option.