We would be honored if you visited our blog Visit the GSW Forums and read/post/reply to topics and questionsView GSW Training Videos on Team Services
Go to GSW UTS Power Features Home
UTS - Power Feature - Event Logging
You are viewing GSW UTS Power Feature - Event Logging    
Our News

2017 at GSW

View our Updated Forums

Connect with GSW

Stay current with GSW by connecting with us through our blog and our social media pages.



Graphical User Interface (GUI) Configuration Tool - Major

Windows Explorer style interface allowing provisioning and configuration manangement. Faliliar to use operations such as copy, paste, rename, delete, export, import are applied tto configurations on a user or system basis. Create templates and quickly view summary configuration data.

Innovation - Major

TEAM SERVICES  provides your mobile device users a breakthrough in Telnet/SSH2 technology that shatters all prior usability and efficiency standards by allowing unprecedented user collaboration.  Now mobile device users are empowered to share resources, transfer, swap, share and recover dropped sessions. All from the mobile device, no system administrator necessary. All operations can be performed in under 60 seconds.

Video Overviews

Team Services  is the first feature set to offer Video overviews. We are excited to provide additional methods to meet customer expectations. Visit the GSW Video Channel!

Request a Webinar

Want to know more about UTS, RC MDMS or GSWBrowse? Request a Webinar. Give us a call or use our contact form and request a webinar.

 

GSW Event Logging

The Georgia SoftWorks SSH2/Telnet Server for Windows provides the System Administrator with useful SSH2/Telnet Server Activity information that can be used for generating reports. The System Administrator can enable or disable various events that are logged. The logged information is in an easy to import ASCII comma delimited format.

Two files are of interest

1. The log definition file: gsw_ldef.txt and

2. The actual log file gsw_elog.txt

Event Log Definition File:
The configuration file gsw_ldef.txt specifies the events that are maintained in the log file. This file resides in the SSH2/Telnet server installation directory. Usually this is c:\gs_uts. Each event that can be logged is listed together with its description.

The format of this file is:

Event ID <SPACE> Group ID <SPACE>Description of the event

The “#” character is the comment symbol. Insert a "#" character in column 1 of a line to disable the logging of a specific event. Enabling or Disabling the logging of specific events are the only allowed modifications to this file.

The Default configuration for gsw_ldef.txt is:

1 100 Session Created

2 100 Session Suspended

3 100 Session Reconnected

4 100 Session Exited Normally

5 100 Session Exited Abnormally

6 100 Logon Failed

7 200 Print Job Redirected

8 400 File transferred (put)

9 400 Print File transferred (get)

10 500 Command execution event sent to client

If you do not want to log Print Jobs and Failed Logons you would insert the # as the first character of those events.

1 100 Session Created

2 100 Session Suspended

3 100 Session Reconnected

4 100 Session Exited Normally

5 100 Session Exited Abnormally

#6 100 Logon Failed

#7 200 Print Job Redirected

8 400 File transferred (put)

9 400 Print File transferred (get)

10 500 Command execution event sent to client

NOTE: The event ids and descriptions in the file cannot be changed.

Event Log File

The log file is a comma-delimited text file where the activity events are actually stored. By default the maximum size of log file gsw_elog.txt is 1 megabyte. Once the file has reached the maximum size the file is renamed to gsw_elog.bak and starts logging in a new gsw_elog.txt. This actually provides up to 2 megabytes of log information to the administrator. The size of the gsw_elog.txt can be changed in the registry (See page 188).

The GSW Event Log resides in the "Log" subdirectory of the Installation folder in a comma-delimited file with the name gsw_elog.txt.

Georgia SoftWorks Event Log File Name: gsw_elog.txt

The format of the comma-delimited file is as follows.

Field Description Data Type Description Event ID Integer Event Group ID Integer Useful for Filtering with Reports Login Id Text Quoted Text Field Domain Text Quoted Text Field Session ID Text Quoted Text Field Time Stamp Date/Time YYYY-MM-DD HH:MM:SS Client Type Integer 0 = 3rd Party, 1 = Georgia SoftWorks Encrypted Session Integer 0 = Not Encrypted, 1 = Encrypted Event Specific Integer Integer Event Specific Text Text Quoted Text Field

Table 38 - GSW Event Log File Format

An example of the data in the gsw_elog.txt file may look like:

7,200,'Laura','.','1E339C27B99',2000-09-15 15:42:22,1,0,1326,''

1,100,'Rebecca','.','1E439C27BCD',2000-09-15 15:43:09,1,0,0,''

6,100,'Joseph','.','5A39C27C2C',2000-09-15 15:44:52,1,0,1326,''

1,100,'Anna','.','17F39C27C39',2000-09-15 15:45:03,1,0,0,''

1,100,'benjamin','.','12C39C27C66',2000-09-15 15:45:47,1,0,0,''

4,100,'John','.','1E439C27BCD',2000-09-15 15:46:07,1,0,0,''

5,100,'Wally','.','12C39C27C66',2000-09-15 15:46:37,1,0,0,''

1,100,'Luke','.','12C39C27C66',2000-09-15 15:46:51,1,0,0,''

2,100,'RaySpurg','.','12C39C27C66',2000-09-15 15:47:00,1,0,0,''

3,100,'Doug','.','12C39C27C66',2000-09-15 15:47:12,1,0,0,''

3,100,'Wanda','.','17F39C27C39',2000-09-15 15:47:20,1,0,0,''

Defined Events are: Event Id Event Group ID Name 1 100 Session Created 2 100 Session Suspended 3 100 Session Reconnected 4 100 Session Exited Normally 5 100 Session Exited Abnormally 6 100 Logon Failed 7 200 Print Job Redirected 8 400 File Transferred via GS_PUT 9 400 File Transferred via GS_GET 10 500 Command execution event sent to client

Table 39 - Defined Log Events

Modify the Log File Size

This is how to change the registry key for the size of the Log File. The size is specified in bytes and the default is 1000000.

Note: (you must be on the Windows system that the Georgia SoftWorks SSH2/Telnet Server is installed. However you may connect to the Windows Registry from a remote location).

The key is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GS_Tnet\Parameters\ActivityLogFileLength

1. Click the Start button at the bottom left corner of your screen.

2. Click RUN

3. Type REGEDT32

4. Click OK

5. Select Windows item HKEY_LOCAL_MACHINE

6. Select the menu item Edit

7. Move the mouse pointer and click Find

8. Type ActivityLogFileLength

9. Click on Find Next

10. Select the menu item Edit and then click on Modify

11. Enter the new value for the ActivityLogFileLength and click OK

The new Activity Log File Length will take effect.

Share it!    Bookmark  Georgia SoftWorks Telnet Server Power Features - Event Logging at Delicious Digg Georgia SoftWorks Telnet Server Power Features - Event Logging Share Georgia SoftWorks Telnet Server Power Features - Event Logging with your Twitter followers Share Georgia SoftWorks Telnet Server Power Features - Event Logging at StumbleUpon Add Georgia SoftWorks Telnet Server Power Features - Event Logging to your Technorati favorites Share Georgia SoftWorks Telnet Server Power Features - Event Logging on Facebook Share Georgia SoftWorks Telnet Server Power Features - Event Logging on Blinklist Share Georgia SoftWorks Telnet Server Power Features - Event Logging on Diigo Share Georgia SoftWorks Telnet Server Power Features - Event Logging on Reddit Share Georgia SoftWorks Telnet Server Power Features - Event Logging on Linked In Seed the vine with Georgia SoftWorks Telnet Server Power Features - Event Logging