Solaris PC NetLink 1.0 Administration Guide

Using Event Logs to Troubleshoot Problems

Careful monitoring of event logs can help you to predict and identify the sources of system problems. Logs also can confirm problems with Windows NT application software. If a Windows NT application crashes, an application event log can provide a record of activity leading up to the event.

The following are guidelines for using event logs to diagnose problems:

Monitoring SunLink Server Security Events

You enable auditing from the Windows NT User Manager for Domains Auditing Policy dialog box. Through auditing, you can track SunLink Server security events. You can specify that an audit entry is to be written to the security event log whenever certain actions are performed or files are accessed.

An audit entry shows the activity that occurred, the user who performed the action, and the date and time of the activity. You can audit both successful and failed attempts. The audit trail can show who actually performed actions on the network and who tried to perform actions that are not permitted.

Events are not audited by default. If you have Administrator permission, you can specify which types of system events are audited through the Windows NT User Manager for Domains tool.

The Audit policy determines the amount and type of security logging that SunLink Server software performs. For file and object access, you can specify which files and printers to monitor, which types of file and object access to monitor, and for which users or groups. For example, when File and Object Access auditing is enabled, you can use the Security tab in a file or folder's Properties dialog box (accessed through Explorer) to specify which files are audited and what type of file access is audited for those files.

How to Monitor Events
  1. Using SunLink Server Manager, log on to, and then open, the SunLink Server system whose event logs you want to view.

    For instructions, see "How to Log On Using SunLink Server Manager". To make any changes, you must be logged on as root.

  2. Double-click Events.

    The following screen appears.

    Graphic

  3. Double-click the name of the log that you want to view.

  4. Double-click any line in the log to see more details about the particular event.

    For background information about interpreting events, see "Interpreting an Event".

How to Monitor Events From the Command Prompt

You can use the SunLink Server elfread command to read system, security and application logs. This command is especially useful when troubleshooting a SunLink Server system that has failed to start. (Events of this type typically are written to the system log.) Use the elfread command as a backup to the SunLink Server Manager, which is the recommended method of viewing log files when the server is running.

  1. At the SunLink Server command prompt, type the following:

elfread [-od] logname

Replace logname with one of the following log types: system, security, or application.

To display the log file contents listing the oldest event first, use the -o option. To display detailed information about events, use the -d option.

If no options are specified, a summary of all events in the specified log is displayed in reverse chronological order.

How to View SunLink Server Information
  1. Using SunLink Server Manager, log on to, and then open, the SunLink Server system whose information you want to view.

    For instructions, see "How to Log On Using SunLink Server Manager". To make any changes, you must be logged on as root.

  2. Double-click Information.

    The following screen appears.

    Graphic

    The data displayed in the Information view is current, though not automatically updated. To update the view with the most recent data, click Refresh in the View menu, or click Information again in the Navigation pane.

The following information is provided:

In addition to furnishing you with vital information, the Information window includes three buttons from which you can initiate various administrative tasks: