Security logs

The application’s clients and servers generate a number of log files. These logs enable an administrator to evaluate the performance of the system and potentially troubleshoot problems. Each server configuration has its own server log and security log. Each client creates its own log file, which records activity between that client and the server configurations it is connected to.

Users must have the appropriate security access rights in order to view a log file. These access rights can be set using the Tools > Accounts > Access Rights menu option in the Server Administration tool.

Server log files

The server log file (Server.locale.Log) records the activity on a server configuration. Each time you start a server configuration, the Server renames the existing log file and creates a new log file for the current server configuration session. The log file from the previous startup is renamed to include the date and time at which it was renamed (Server.locale.date.Log). For example, if you start a server configuration on November 9, 2011 at 5:22 P.M., the old Server.locale.Log file is renamed Server.en-US.2011-11-09-17-22-59.Log and a new Server.locale.Log file is created whose time stamp might be 11/9/2011 17:23:03.

If the locale specified for the operating system on which your server runs is not US English, you will have two server log files: one for US English and one for your locale. For example, you might have both Server.en-US.Log and Server.fr-FR.Log. The first log is for support purposes, and the second log is for your use.

You can view the contents of the server log file at any time, even while the server configuration is running by choosing Tools > Administration > Server Log.

Security log files

A security log records all security-related events for a server configuration. For each secured event (such as logging on or off), the security log records the date and time it occurred, the user performing the operation, the workstation from which the operation was performed, the item acted upon, and whether the operation failed.

Depending upon the number of users and the amount of activity on a server configuration, the security log may grow rapidly. To keep the log to a reasonable size, you can have the server delete old entries. First, decide how long you want to have security events available, then configure the server configuration to purge entries that are older than this time period. See “Working with the Security Log” topic in Related Information for how to purge security log entries.

If you have access rights to a server configuration, you can view its security log at any time the server is running. The security log is not a typical log file, as its data is stored in the application database. The security log is available by choosing Tools > Accounts > Security Log.

StarTeam.Log file

The StarTeam.Log file records the operations performed on your client workstation during a session. It helps you troubleshoot and document errors or operations between the server and your workstation that failed during server configuration sessions.

Every time you start your client, the system creates a StarTeam.Log file in the folder location specified in your personal options.

The StarTeam.Log file may contain the following types of information:

  • Commands sent by your workstation to a server configuration when you open and work with a project. If you work with projects on several different server configurations, you can configure the StarTeam.Log file to include the server configuration name with the command information it records.
  • Commands performed locally on your workstation, such as setting personal options.
  • Error messages generated while using the application.

On most systems, the default location for the StarTeam.Log file is C:\Program Files\Borland\StarTeam x.x. If there is a StarTeam.Log file already in this folder, the application renames the existing file to include the date and time at which it was renamed. For example, if you create a StarTeam.Log file on November 9, 2011 at 10:35 A.M., the old StarTeam.Log file is renamed StarTeam-09-Nov-11-10-35-18.Log, and a new StarTeam.Log file is created.

Tip: Tip Because the application creates a new StarTeam.Log file every time you start the client, the log folder can fill up quickly. To control the number of log files in the folder, you may want to periodically delete old log files from the output folder or disable the StarTeam.Log option. To disable the option, clear the Log Errors and the Log Operations check boxes on the Workspace tab of the Personal Options dialog.

Back to top

Working with the security event log

If you have access rights to a server configuration, you can view its security event log at any time. The security event log is not a typical .Log file, as its data is stored in the application database. This operation can be performed only when the server is running.

To view the security event log:

  1. Open the Server Administration tool. If you are using the Server Administration tool installed with the client, you can administer remote servers only.
  2. Select the appropriate server configuration from the list of servers. If you have not yet logged on, you will be asked to do so.
  3. Select Tools > Accounts > Security Log. These actions display the Security Log contents. This log lists each secured event (such as logging on or off), the date and time it occurred, the user performing the operation, the workstation from which the operation was performed, the item acted upon, and whether the operation failed.
  4. Use the Security Event Type drop-down list box to view all events of a particular type.
  5. To reload the security event log and review the most recent entries, click Reload from the Security Event Log dialog box.
  6. To print the data selected from the log, click Print Selection from the Security Event Log dialog box.

Depending upon the number of users and the amount of activity on a server configuration, the security event log may grow rapidly. To keep the log to a reasonable size, you can have the Server delete old entries. First, decide how long you want to have security events available, then configure the server configuration to purge entries that are older than this time period. This operation can be performed only when the server is running.

To set the interval for purging the security event log:

  1. Open the Server Administration tool. If you are using the Server Administration tool installed with the client, you can administer remote servers only.
  2. Select the appropriate server configuration from the list of servers. If you have not yet logged on, you will be asked to do so.
  3. Click Tools > Accounts > System Policy from the menu. The System Policy dialog box appears.
  4. Select the Security Events tab.
  5. Select the Purge Security Event Entries Older Than __ Days check box. (Clearing this check box keeps the entries indefinitely.)
  6. Type the number of days in the text box. The range is 30 to 1000. The default is 180. The next time the server configuration starts, entries that exceed the purge limit are deleted.
  7. Click OK.
  8. Restart the server configuration for the purge interval to take effect.

Back to top

Security event types

If you have access rights to a server configuration, you can view its security event log at any time. The security event log is not a typical .Log file, as its data is stored in the application database. This operation can be performed only when the server is running.

Add item owner Indicates that a user created a folder or an item.
Add user/group Indicates that a user or group was added to the server configuration.
Add/Edit container access rights Indicates that access rights were added or changed for a group of objects contained in another object. For example, if you select Project > Access Rights and change rights for all change requests in the project, that event fits into this category.
Add/Edit item access rights Indicates that access rights were added or changed for a specific object. For example, if you change access rights for a project, that event fits into this category.
Change user Indicates that someone changed user names as part of a replication process. This event can occur when special clients, such as Notification Agent, perform operations.
Delete container access rights Indicates that access rights were deleted at the container level.
Delete item access rights Indicates that access rights were deleted at the item level.
Delete user/group Indicates that a user or group was deleted.
Edit user/group Indicates that the properties for a user or group were changed in some way.
Force user logoff Indicates that a user was forced to log off the server configuration.
Item access check Indicates that access rights were checked to see if the user could access a specific item.
Logoff Indicates that a user logged off the server configuration.
Logon Indicates that a user logged on to the server configuration.
Logon attempt: Account lockout Indicates that a user attempted to log on and the account was locked.
Logon attempt: Expired password Indicates that a user attempted to log on and the password had expired.
Logon attempt: No such user name Indicates that a user attempted to log on with a non-existent user name.
Logon attempt: Restricted access time Indicates that a user attempted to log on at a time when he or she was not allowed access.
Logon attempt: Suspended account Indicates that a user attempted to log on and the account was suspended.
Logon failure Indicates that an incorrect password was used during the logon process.
Policy change Indicates that a system policy has changed.
User status change Indicates that an administrator suspended, reactivated, locked, unlocked, or required a password change on a user’s account.

Back to top