Difference: APPXAuditLog (3 vs. 4)

Revision 4 2008-08-26 - JeanNeron

Line: 1 to 1
 
META TOPICPARENT name="APPX43Features"

APPX Audit Log

Line: 8 to 8
 

Overview

Changed:
<
<
uappxd/appxdsvc have been modified to start as a LogMonitor. For uappxd you can create a log monitor service like this:
>
>
A new service has been added in Release 5.0 - appxAuditMgr. It accepts the same command parameters as appxLoginMgr, with the addition of the --serviceType=logmonitor flag that indicates it is to run as a log monitor, not a login manager. The appxAuditMgr program is located in the services directory of your Appx installation. For example, here is a command to create a log monitor:
 
Changed:
<
<
./uappxd -install -serviceType=logmonitor -name=myLogMonitor -port=8064
>
>
./appxAuditMgr -install -serviceType=logmonitor -name=myLogMonitor -port=8064
  The port number has to be different from the port number your users log in on.

This port is not a listener, so you cannot log in directly to that port.

Changed:
<
<
Once you have created this new Service Type, it will create .ini and .env files for you. In our example, uappxd will create myLogMonitor.ini and myLogMonitor.env files in the /tools directory.

Make sure you change the permissions on the newly created .ini and .env files:

chmod 775 myLogMonitor

chown appx:appxgrp myLogMonitor

>
>
Once you have created this new Service Type, it will create .ini and .env files for you. In our example, appxAuditMgr will create myLogMonitor.ini and myLogMonitor.env files in the ./services directory.
 You can change the name of the log file (which defaults to /tmp/appxlog%N.xml) by setting the LogNamePattern in the myLogMonitor.ini file. You can also change the LogRotationInterval and LogRotationSize.

Since we rotate audit logs, you specify a LogNamePattern instead of just a filename. The pattern can include %N (which is translated to a monotonically increasing counter: 0, 1, 2, ...) or any of the date/time format specifiers supported by the strftime() function (see 'man strftime' for the list). For example, a LogNamePattern of '/tmp/appx_%F.xml' would generate names like:

Line: 93 to 85
 %% A literal '%' character.
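The following is an added example, not Appx code, showing the LogNamePattern rules described above in working form: %N is a monotonically increasing counter, every other %-spec goes to strftime(), and %% is a literal percent sign. It also shows size-triggered rotation to the next %N name and a rotate() call that can be bound to a signal. The exact LogRotationSize semantics (rotate once the file has grown past the limit), the choice of SIGHUP (the page does not show which signal the monitor uses), and the sample events are assumptions made for this illustration.

```python
"""Expand an Appx-style LogNamePattern and rotate audit logs by size.

Added illustration, not Appx code.  From the page: %N is a counter, other
%-specs are strftime() specs, %% is a literal percent.  The rotate-when-over-
size rule, the SIGHUP binding and the sample events are assumptions.
"""
import os
import signal
import tempfile
import time


def expand_pattern(pattern, counter, tm=None):
    """Render pattern for the given counter value.

    %N is substituted *before* strftime() sees the string.  Scanning by hand
    keeps '%%N' as a literal '%N' (a plain str.replace would expand it) and
    avoids any platform meaning of %N (GNU date reads it as nanoseconds).
    """
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == '%' and i + 1 < len(pattern):
            nxt = pattern[i + 1]
            if nxt == '%':
                out.append('%%')          # left for strftime() to collapse
                i += 2
                continue
            if nxt == 'N':
                out.append(str(counter))
                i += 2
                continue
        out.append(pattern[i])
        i += 1
    return time.strftime(''.join(out), tm if tm is not None else time.localtime())


class RotatingAuditLog:
    """Write <events> documents, moving to the next %N name whenever the
    current file grows past size_limit bytes or rotate() is called."""

    def __init__(self, pattern, size_limit, counter=0, tm=None):
        self.pattern, self.size_limit = pattern, size_limit
        self.counter, self.tm = counter, tm
        self.written = []                 # paths in the order they were opened
        self.fh = None
        self._open()

    def _open(self):
        path = expand_pattern(self.pattern, self.counter, self.tm)
        self.fh = open(path, 'w')
        self.fh.write('<events>\n')
        self.written.append(path)

    def rotate(self, *_signal_args):
        """Close the current document cleanly and start the next one.  Takes
        the (signum, frame) pair so it can serve directly as a signal handler."""
        self.fh.write('</events>\n')
        self.fh.close()
        self.counter += 1
        self._open()

    def write_event(self, xml_fragment):
        self.fh.write(xml_fragment + '\n')
        self.fh.flush()
        if self.fh.tell() > self.size_limit:   # assumed LogRotationSize rule
            self.rotate()

    def close(self):
        self.fh.write('</events>\n')
        self.fh.close()


def bind_rotate_signal(log, signum=signal.SIGHUP):
    """Assumed operator interface: a signal to the writer rotates the log
    (the page shows the rotation but not which signal; SIGHUP is a guess)."""
    signal.signal(signum, log.rotate)


def pattern_examples():
    """Fixed-time renderings (epoch 0, UTC) of three patterns."""
    tm = time.gmtime(0)
    return (expand_pattern('/tmp/appx_%F_%N.xml', 3, tm),
            expand_pattern('/tmp/100%%N_%N.xml', 7, tm),
            expand_pattern('/tmp/appxlog%N.xml', 0, tm))


def rotation_demo(n_events=30, size_limit=200):
    """Constructed run: write n_events one-line events into a temp directory
    with a 200-byte limit; report (file, event count, closed cleanly)."""
    directory = tempfile.mkdtemp()
    log = RotatingAuditLog(os.path.join(directory, 'appxlog%N.xml'),
                           size_limit, tm=time.gmtime(0))
    for i in range(n_events):
        log.write_event('<event id="%d"/>' % i)   # constructed sample event
    log.close()
    result = []
    for path in log.written:
        with open(path) as fh:
            body = fh.read()
        result.append((os.path.basename(path), body.count('<event '),
                       body.endswith('</events>\n')))
    return result


if __name__ == '__main__':
    print(pattern_examples())
    print(rotation_demo())
```

With a 200-byte limit and 30 one-line events the run produces appxlog0.xml, appxlog1.xml and appxlog2.xml, each a complete document closed with </events>, which is the property the bug #2219 report below is about: a rotation that loses the closing tag or truncates the file leaves the log unparseable.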
Changed:
<
<
After you have modified the .ini file, you need to stop and restart that service. To stop the service, assuming you are in the /usr/local/appx/tools directory AND logged in as appx, simply type:
>
>
After you have modified the .ini file, you need to stop and restart that service. To stop the service, assuming you are in the ./services directory of your Appx installation, simply type:
 
Changed:
<
<
./uappxd -stop -name=myLogMonitor
>
>
./appxAuditMgr -stop -name=myLogMonitor
 
Changed:
<
<
./uappxd -start -name=myLogMonitor
>
>
./appxAuditMgr -start -name=myLogMonitor
  If you stop/start the service as root, make sure you give -name a fully qualified path.
Changed:
<
<
./uappxd -stop -name=/usr/local/appx/tools/myLogMonitor
>
>
./appxAuditMgr -stop -name=/usr/local/appx/services/myLogMonitor
 
Changed:
<
<
./uappxd -start -name=/usr/local/appx/tools/myLogMonitor
>
>
./appxAuditMgr -start -name=/usr/local/appx/services/myLogMonitor
  Please note that the -name parameter is required.
Changed:
<
<
Now Appx is ready to write changes to the log file: the client sends XML data to the monitor, and the monitor writes it to the log file.
>
>
Before data can be written to the log file in XML format, you need to define a Log Profile for the monitor.
 
Changed:
<
<
Before data can be written to the log file in XML format, you need to define an FMS group for the monitor.

To define the Log Profile, go to System Administration, Configuration, Log Profile and press F9 to add a new profile. You can name it anything you want. For the server name you must give it the server name:port number that you created earlier with uappxd:

>
>
To define the Log Profile, go to System Administration, Configuration, Log Profile and press F9 to add a new profile. You can name it anything you want. For the server name you must give it the server name:port number that you created earlier with appxAuditMgr:
 
servername:8064
Line: 123 to 113
  To add a new FMS group, go to System Administration, Configuration, File System Groups and press F9 to add a new one for the monitor.
Changed:
<
<
Give it an FMS group of 1, then in the FMS group attributes screen pull down Log Profile Names and choose the name of your Log Profile.
>
>
Give it an FMS group of 1 and click the 'FMS group attributes' button. On that screen enter the name of your Log Profile in the 'Log Profile' field. Note that if you already have an FMS group that is used by the file(s) you wish to monitor, you can simply add the Log Profile name to the existing FMS group. If the FMS group refers to an RDBMS (such as Oracle, SQL Server, etc.), then only changes made by Appx will be logged; changes made directly in the database, outside Appx, do not appear in the audit log.
  You can now assign this FMS group to the file(s) that you wish to monitor.
Line: 134 to 124
  where PID is the process ID of the audit log listener. The current log will be closed and rotated to the next one.
Changed:
<
<
Generated xml log files can be viewed with a browser, with XML Notepad, or you can download SQL Express (free) and write queries against your XML file.
>
>
The log file is generated in XML format. Why XML, and not Appx/IO? The biggest reason is the size of the log files. On large, active systems the number of events can exceed the maximum file size. XML files can easily be imported into a RDBMS, which does not have the same file size limitation.

You can view the log file with a browser, with XML Notepad, or you can download SQL Express (free) and write queries against your XML file. You can also use the various XSLT processing programs to create queries (such as xsltproc, or xalan from Apache).

  Each Audit Log document contains one primary enclosing <events> node which contains one
Line: 220 to 215
 
<fieldName/>
</DeletedElement>
Added:
>
>

Sample scripts

Here are some sample xslt processing commands that you can use to do inquiries against the raw XML data.

The attached file 'structure.xslt' will extract any file create events from a log and produces an HTML table that shows the structure of each file that you create.

The attached file 'subrs.xslt' extracts all events where the process type is SUBR and produces an HTML summary table that shows the user id, date, time, event ID, application ID, version, and process name.

To use a stylesheet with xsltproc (the XSLT processor from libxml/xmlsoft):

$ xsltproc stylesheetFileName logFileName >output.html

for example:

$ xsltproc /stylesheets/structure.xslt /tmp/appxlog0.xml > /tmp/fileCreates.html

To use a stylesheet with xalan (the XSLT processor from Apache):

$ xalan -xsl stylesheetFileName <logFileName >output.html

for example:

$ xalan -xsl /stylesheets/structure.xslt < /tmp/appxlog0.xml > /tmp/fileCreates.html

Need examples of loading XML Data into an RDBMS
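As an added alternative to the XSLT stylesheets above (this is example code, not part of the page, the Appx product, or the attached structure.xslt and subrs.xslt), the following Python reads a set of rotated logs in %N order and streams them with xml.etree.ElementTree.iterparse, which is what matters for the very large logs that the XML format was chosen to accommodate. Only the <events> root element and the default appxlog%N.xml file name come from the page; the <event> element name and its type and user attributes in the constructed sample are assumptions, as is the idea of keying the summary on them the way subrs.xslt keys on the process type.

```python
"""Read rotated Appx audit logs in %N order and summarize them by streaming.

Added illustration, not Appx code and not the attached stylesheets.  From the
page: the <events> root element and the default appxlog%N.xml file names.
Assumed for the sample: <event> children carrying type and user attributes.
"""
import os
import re
import tempfile
import xml.etree.ElementTree as ET
from collections import Counter

_COUNTER_RE = re.compile(r'^appxlog(\d+)\.xml$')


def rotated_logs(directory):
    """Return the appxlog%N.xml files under directory ordered by the numeric
    counter.  A plain sorted(os.listdir()) would put appxlog10.xml before
    appxlog2.xml and scramble the event timeline."""
    found = []
    for name in os.listdir(directory):
        m = _COUNTER_RE.match(name)
        if m:
            found.append((int(m.group(1)), os.path.join(directory, name)))
    return [path for _, path in sorted(found)]


def summarize(paths, attr='type'):
    """Count the events directly under <events> across paths, keyed by attr.

    iterparse streams the document and each event element is cleared as soon
    as its end tag is seen, so memory stays flat however large the log is.
    Depth tracking keeps nested child elements from being counted as events.
    """
    counts = Counter()
    total = 0
    for path in paths:
        depth = 0
        for ev, elem in ET.iterparse(path, events=('start', 'end')):
            if ev == 'start':
                depth += 1
                continue
            depth -= 1
            if depth == 1:              # end of a direct child of <events>
                total += 1
                counts[elem.get(attr, '?')] += 1
                elem.clear()
    return total, dict(counts)


def build_sample(directory):
    """Write three constructed logs with counters 0, 2 and 10 (the gap and the
    two-digit counter are deliberate, to exercise the ordering)."""
    docs = {
        'appxlog0.xml': '<events><event type="SUBR" user="jean"/>'
                        '<event type="CREATE" user="jean"/></events>',
        'appxlog2.xml': '<events><event type="SUBR" user="steve">'
                        '<fieldName/></event></events>',
        'appxlog10.xml': '<events><event type="DELETE" user="steve"/>'
                         '<event type="SUBR" user="jean"/></events>',
    }
    for name, body in docs.items():
        with open(os.path.join(directory, name), 'w') as fh:
            fh.write(body)


def demo():
    """Build the sample in a temp directory and return what a scan reports."""
    directory = tempfile.mkdtemp()
    build_sample(directory)
    paths = rotated_logs(directory)
    total, by_type = summarize(paths)
    return {'order': [os.path.basename(p) for p in paths],
            'total': total, 'by_type': by_type,
            'by_user': summarize(paths, 'user')[1]}


if __name__ == '__main__':
    print(demo())
```

Point the scan at the directory named in your LogNamePattern; if you changed the pattern from the default, adjust _COUNTER_RE to match. Loading the same files into an RDBMS, as the note above asks for, is simply a matter of emitting rows from the summarize loop instead of counting them.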

 

BUGS

#2195 - FIXED - System Administration - Configuration - Log Profiles. There is a button at the bottom of the screen that is carried over to the details screen. It looks like it's just a leftover and needs to be removed.
#2201 - FIXED - --- MOD SCROLL BEHAV subroutine needs to be added to the input process. Also, when in CHANGE MODE, it highlights the Name, but when you press ENTER to go to the next screen it takes you to the next record instead.
#2219 - FIXED - Testing showed that when you issue the kill -1 PID command, it kills the listener but doesn't close the file. Furthermore, when you restart the listener, your log file is completely wiped out.
The same results occurred when the kill -s sigusr1 PID command was issued: the log file didn't close, the Appx session closed, and the log file was wiped out.

Line: 243 to 263
 

-- SteveFrizzell - 20 Jun 2008

Added:
>
>
META FILEATTACHMENT attachment="structure.xslt" attr="" comment="xslt program to extract file create events" date="1219770121" name="structure.xslt" path="structure.xslt" size="1629" stream="structure.xslt" user="Main.JeanNeron" version="1"
META FILEATTACHMENT attachment="subrs.xslt" attr="" comment="xslt program to extract subroutine calls" date="1219770177" name="subrs.xslt" path="subrs.xslt" size="1866" stream="subrs.xslt" user="Main.JeanNeron" version="1"
 