The remote username obtained by identd, ifidentd is not used, the a - will be recorded in your EZproxy log The IP address of the Host accessing EZproxy The following table breaks down this line of data: Field This will generate the following data in your EZproxy log:ġ32.174.1.1 - “GET HTTP/1.0” 200 1234
The default command used to format data collected in the EZproxy log is as follows: When determining how long to set your AuditPurge, consult with your IT department to ensure that your retention schedule complies with institutional policies for security and reporting purposes.ĮZproxy will automatically generate EZproxy logs and save them in a file named ezproxy.log in the directory where EZproxy is installed. You can increase or decrease the purge number as you see fit to save disc space or ensure that you have the data you need should reporting requests or a security breach require you to reference it. Retaining audit files for longer periods of time will provide you with a larger pool of information for review if you should need to access it.
#Awstats error.log plus
This change to the AuditPurge directive will cause EZproxy to retain the audit file for the current day plus the audit files of the previous 180 days, and delete any file older than 180 days. OCLC suggests increasing the AuditPurge time period to 180, so that your config.txt file looks as follows: This will keep only the audit logs for the current day plus the previous week and delete any files older than 7 days. To limit the amount of storage space your audit logs take up, the AuditPurge directive is also configured by default to 7 following the Audit statement so EZproxy will delete files after a specified period of time. Logs that have been purged as a result of the AuditPurge directive will not be accessible.īy retaining the default Audit Most directive statement in your config.txt file, you will have the most commonly assessed security events recorded to your audit logs. For more details about further customization of the audit logs, see Audit.Īudit logs can be accessed from the EZproxy admin page at any time. This is the default configuration in the config.txt file that is downloaded with EZproxy. An event resulting from the UsageLimit directive occurs.An unauthorized user attempts to access the administrative features of EZproxy.General system activities, such as system startup, occur.An intrusion attempt based on the IntruderIPAttempts or IntruderUserAttempts directive occurs.
A user has a failed attempt to log in to EZproxy.This directive statement will create a log when any of the following events occur: The most common use of the Audit directive to command EZproxy to create audit logs is as follows: Individual files will be named the year, month, and day that the event occurred (e.g.
The information included in these logs can be helpful in monitoring and resolving security issues.Īdding the Audit directive to your config.txt file will command EZproxy to create audit logs when specified events occur and save these files in the EZproxy installation directory. They can also be viewed in your operating system by opening the audit folder within the EZproxy installation directory. However, you can customize your audit logs by specifying which events you would like EZproxy to record and how long you would like EZproxy to retain these files.Īudit events can be viewed by logging in to the EZproxy administration page where you can search all files in the audit directory. These log files are retained in a directory named audit which is a subdirectory of the EZproxy installation directory you cannot redirect these files to be saved in another directory.
#Awstats error.log download
By default, the config.txt file you download with EZproxy is set to Audit Most, which will record most login events, usage limits, and others (see the Audit logs tab for more details). Audit logs are daily logs that contain information about your users’ access to EZproxy as specified by the conditions you set with the Audit directive.
0 kommentar(er)
