Environment
NetIQ Group Policy Guardian 2.0
NetIQ Group Policy Guardina 2.0 SP1
Resolution
Goal
How do I enable logging in Group Policy Guardian?
Goal
Does GPG have any logging capability?
Goal
How can I get audit information from Group Policy Guardian?
Fact
NetIQ Group Policy Guardian 1.6
NetIQ Group Policy Guardian 2.0
NetIQ Group Policy Guardina 2.0 SP1
Fix
To enable or increase the logging for Group Policy Guardian 2.0:
- Access the registry key HKLM\SOFTWARE\FullArmor\FAZAM GP Auditing\Logging. Under the registry key, there are sub-keys for each piece of the GPG application (AuditingService, ControlService, EventAudit, Reporting).
- Using the sub-keys "TraceLevel" string value, specify the location and detail level of the logs. The maximum value that provides the most detailed information is 9 for all logs except reporting. The reporting log entry can be increased to 10. By default, most logs are stored in the
\Documents and Settings\All Users\Application Data\NetIQ\GPG
directory. There are additional logs underDocuments and Settings\All Users\Application Data\NetIQ\GPG\DB
, including anInstall.log
file with the output of the database scripts that are executed during the install. - Restart the console and services to pick up the changes.
- If you have made changes to reporting logging, restart the IIS server using Internet Services Manager.
To enable or increase the logging for Group Policy Guardian 1.6:
- Get the latest
EventAudit.exe
. - Create a directory
temp
underC:\
before restarting the service. - Create the DebugTrace key under HKLM\Software\FullArmor\FAZAM GP Auditing.
- To enable tracing, the verbosity value under DebugTrace should be set to 2.
- Run
EventAudit.exe
to generate theEventAudit.log
file in theC:\temp
directory.
Adding the following XML to the faAuditingService.exe.config
inside the configuration tab will also create the log file with Auditing services logging.
<system.diagnostics>
<trace autoflush="true">
<listeners>
<add name="LogFile" type="System.Diagnostics.TextWriterTraceListener" initializeData="C:\temp\faAuditingService.exe.log"/>
<remove name>
<listeners>
<trace><system.diagnostics>
Note
Warning: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. NetIQ Technical Support cannot guarantee that problems resulting from the incorrect use of the Registry Editor can be resolved. Make sure that you back up your Registry prior to making any changes.