The primary tools for auditing consist of the SYSTEM/SUMLOG, which is the file containing the records of events and actions on the system, and the companion security log file SYSTEM/SECURITYLOG, which contains security-related records. References to the SYSTEM/SUMLOG apply to both the SYSTEM/SUMLOG and the SYSTEM/SECURITYLOG.

The SYSTEM/SUMLOG file contains system access violations reported from the TCP/IP filtering component, Web Transaction Server, and other MCP security products. Break-in attempts, attempted resource misuse, and other security-relevant issues that are recorded can be listed in a report for review and action by the security administrator.