The Audit Log configuration variable, /AgentSetup/auditLog, consists of a new line separated list of KEY=VALUE pairs.
AgentSetup/auditLog keys and values
Determines whether the audit logging feature is turned on or off, and where the information is being logged. The recognized values include the following:
- 0 — turns off audit logging and is the default setting (No, and False are also valid values)
- 1 — logs information to a file (Yes, On, and True are also valid values)
- 2 — log information is sent to the Applications log by default. If you are using Windows 2000 or later, see Creating a custom node in the windows event log.
- 3 — logs information to both a file and Windows Event Log
Determines the delimiter character that separates the fields in the log file. The default character is the pipe-symbol '|'.
Determines the interval at which a new log file is created as follows:
- Daily N — create a new log file every day at approximately the hour N, where N ranges from midnight 12 A.M. represented as 0 to 11 P.M. represented as 23; the default is Daily 0
- Entries N — create a new log file after logging N entries, where N is the number of entries; for example, N >= 100
- Size N — create a new log file when the file reaches a designated size, where N is the file size in KB; for example, N >= 32
Determines how many old log files are retained. The default value is 5.
Each time a new log file is created, the previous files are renamed in the same manner as done with the agent regular log file.
Determines the pathname and filenaming convention for the audit log file. The name can contain the following macros:
- %H — refers to the current agent-host
- %P — refer to the port-number being used
If path is not a fully qualified pathname, the PATROL Agent treats it as being relative to the <PATROL_HOME>/log directory. All subdirectories in the pathname must already exist. PATROL Agent creates the log file but not the directories leading up to the file. If the file cannot be opened, the agent writes an error message to the agent's log file.
The default path and file name is:
NT — PATROL_HOME\log\PatrolAgent-%H-%P.audit
UNIX — PATROL_HOME/log/PatrolAgent-%H-%P.audit
Creating a custom node in the windows event log
When you set the /AgentSetup/auditLog configuration variable to log information to the Windows Event Log, the activity will be logged to the "Applications" Windows Event Log by default. On Windows 2000 or later, you can create a separate, custom "PATROL" node in the Windows Event Log.
The following task describes how to create a custom log. You must first remove the existing agent service (if necessary), and install the agent with the -l (L) command line option.
To remove the agent service
Type the following command in the command line and press Enter:
To install the agent service
- Type the following command in the command line and press Enter:
PatrolAgent -install -l logname (where logname is the desired name for the custom log node)
- Restart your computer for the change to take effect.