Logging

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

A server running Routing and Remote Access supports three types of logging:

  1. Event logging

    Event logging is the recording of events in the system event log. Event logging is typically used for troubleshooting or for notifying network administrators of unusual events. For more information, see Remote Access Troubleshooting tools.

  2. Local authentication and accounting logging

    A server running Routing and Remote Access supports the logging of authentication and accounting information for remote access connections in local logging files when Windows Authentication or Windows Accounting is enabled. This logging is separate from the events recorded in the system event log. You can use the information that is logged to track remote access usage and authentication attempts. Authentication and accounting logging is especially useful for troubleshooting remote access policy issues. For each authentication attempt, the name of the remote access policy that either accepted or rejected the connection attempt is recorded.

    The authentication and accounting information is stored in one or more configurable log files in the systemroot\System32\LogFiles folder. The log files are saved in either Internet Authentication Service (IAS) format or database-compatible format; database-compatible format means that any database program can read the log file directly for analysis.

    To configure authentication and accounting logging, you must first enable either Windows Authentication or Windows Accounting. For more information, see Use Windows Accounting. Then, you can configure the type of activity to log (accounting or authentication activity) and log file settings such as log file format. For more information, see Configure logging.

    For information about the database-compatible format of the log file, see Interpreting database-import log files.

    For information about the IAS format of the log file, see IAS-Formatted Log Files.

  3. RADIUS-based authentication and accounting logging

    A server running Routing and Remote Access supports the logging of authentication and accounting information for remote access connections at a Remote Authentication Dial-In User Service (RADIUS) server when RADIUS authentication and accounting are enabled. This logging is separate from the events recorded in the system event log. You can use the information that is logged on your RADIUS server to track remote access usage and authentication attempts. For more information, see Use RADIUS authentication and Use RADIUS accounting.

    If your RADIUS server is running IAS, then authentication and accounting information is logged in log files stored on the IAS server. For more information, see Logging user authentication and accounting requests.
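The policy name recorded for each authentication attempt, described under local authentication and accounting logging, can be tallied directly from a database-compatible log file. The following Python code is an added example, not part of the original documentation. The column positions, the packet-type codes, and the sample records (host RAS01, users, policy names) are assumptions or constructed values; check the positions against "Interpreting database-import log files" before using it on real logs.

```python
import csv
import io
from collections import Counter

# Assumed 0-based column positions and packet-type codes for the
# database-compatible format; verify them before use on real logs.
COL_PACKET_TYPE, COL_USER_NAME, COL_POLICY_NAME = 4, 5, 24
ACCESS_ACCEPT, ACCESS_REJECT = "2", "3"

def make_record(packet_type, user, policy):
    """Build one constructed record, padded with empty fields."""
    fields = ["RAS01", "RAS", "01/15/2004", "09:12:01"] + [""] * 22
    fields[COL_PACKET_TYPE], fields[COL_USER_NAME] = packet_type, user
    fields[COL_POLICY_NAME] = policy
    buf = io.StringIO()
    csv.writer(buf).writerow(fields)
    return buf.getvalue()

# Constructed sample log: one accept, repeated rejects, one truncated line.
SAMPLE_LOG = "".join(
    [make_record(ACCESS_ACCEPT, "CORP\\alice", "VPN Users")]
    + [make_record(ACCESS_REJECT, "CORP\\bob", "VPN Users")] * 3
    + [make_record(ACCESS_REJECT, "CORP\\carol", "Deny Contractors")]
    + ["RAS01,RAS,01/15/2004\r\n"]
)

def summarize(log_text):
    """Count accepts and rejects per (user, policy); count unusable lines."""
    accepted, rejected, skipped = Counter(), Counter(), 0
    for fields in csv.reader(io.StringIO(log_text)):
        if len(fields) <= COL_POLICY_NAME:
            skipped += 1 if fields else 0  # truncated record; blank lines ignored
            continue
        key = (fields[COL_USER_NAME], fields[COL_POLICY_NAME])
        packet_type = fields[COL_PACKET_TYPE].strip()
        if packet_type == ACCESS_ACCEPT:
            accepted[key] += 1
        elif packet_type == ACCESS_REJECT:
            rejected[key] += 1
    return accepted, rejected, skipped

def repeated_rejects(rejected, threshold=3):
    """Return (user, policy) pairs rejected at least `threshold` times."""
    return sorted(key for key, count in rejected.items() if count >= threshold)

if __name__ == "__main__":
    accepted, rejected, skipped = summarize(SAMPLE_LOG)
    print("repeated rejects:", repeated_rejects(rejected), "unusable:", skipped)
```

Truncated records are counted rather than silently dropped, so a damaged or partially written log file shows up in the summary.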

You can also use the Netsh command-line utility available in the Windows Server 2003 family to collect detailed logs and information about a remote access connection. For instance, you can use the netsh ras set tracing command to enable or disable tracing for a specific component. For more information, see Netsh commands for remote access (ras).