Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
APPX Audit Log Feature | ||||||||
Line: 45 to 45 | ||||||||
-rwsrwxr-x 1 root appxgrp 636843 Jul 11 07:31 appxAuditMgr | ||||||||
Changed: | ||||||||
< < | Creating and Configuring the APPX Audit Log Service | |||||||
> > | Creating and Configuring an Audit Log Service | |||||||
Changed: | ||||||||
< < | On Unix/Linux systems, an instance of the APPX Audit Log Service is initially created, configured, and started by running the appxAuditMgr command with the -install option. At least one appropriately configured instance of the APPX Audit Log Service must be created, configured, and started before running an APPX session for which file I/O activity is to be logged. You may create, configure, and start as many different instances of the APPX Audit Log Service as you desire. However, each concurrently running instance must be configured to receive file I/O audit data on a different TCP/IP port. | |||||||
> > | On Unix/Linux systems, an instance of the APPX Audit Log Service is initially created, configured, and started by running the appxAuditMgr command with the -install option. At least one appropriately configured instance of the APPX Audit Log Service must be created, configured, and started before running an APPX session for which file I/O activity is to be logged. You may create, configure, and start as many different instances of the APPX Audit Log Service as you desire. However, each concurrently running instance must be configured to receive file I/O audit data on a different TCP/IP port. Each instance of the Audit Log Service will log file I/O activity to a separate xml file. By creating more than one instance of the APPX Audit Log Service, you can separate the file I/O activity that is logged into separate files by assigning different Log Profiles to FMS groups or individual files. | |||||||
Creating an Audit Log Service | ||||||||
Changed: | ||||||||
< < | Before file I/O activity can be logged, at least one instance of an APPX Connection Service must be configured and started. | |||||||
> > | Before file I/O activity can be logged, at least one instance of an APPX Audit Log Service must be configured and started. | |||||||
The -install option of the appxAuditMgr command is used to initially create, configure, and start an instance of the APPX Audit Log Service. The following steps are performed:
| ||||||||
Line: 58 to 58 | ||||||||
| ||||||||
Changed: | ||||||||
< < | For compete information on using the -install option of the appxAuditMgr command, please refer to the usage section of this page. | |||||||
> > | When creating an instance of the APPX Audit Log Service, you must provide the Service Name, Service Type, and TCP/IP Port Number. For compete information on using the -install option of the appxAuditMgr command, please refer to the usage section of this page. | |||||||
| ||||||||
Line: 68 to 68 | ||||||||
When creating an instance of an APPX Audit Log Service, the -ServiceType option must be specified. The value of this option must be "logmonitor".
TCP/IP Port NumberWhen creating an instance of an APPX Audit Log Service, the -SockPort option must be used to specify the TCP/IP port number on which the service is to listen for audit logging requests. Any available TCP/IP port number may be specified when installing an instance of the APPX Audit Log Service. However, as a matter of convention, most APPX administrators configure the APPX Audit Log Service to listen for connections on port 8070. If additional instances of the APPX Audit Log Service are configured, each instance is typically assigned the next available port number after 8070. | ||||||||
Changed: | ||||||||
< < | Changing an Audit Log Service | |||||||
> > | Changing the Configuration of an Audit Log Service | |||||||
Two methods are available for modifying an existing instance of an APPX Audit Log Service.
| ||||||||
Changed: | ||||||||
< < | A text editor can be used to directly edit the APPX Audit Log Service configuration files (ini and env). The configuration files include comments to help you make the desired changes. If you use this method to modify an existing configuration, you should exercise care to ensure that the syntax is correct. The preferred method for modifying an APPX Audit Log Service configuration is with Method 1 above. | |||||||
> > | A text editor can be used to directly edit the APPX Audit Log Service configuration files (ini and env). The configuration files include comments to help you make the desired changes. If you use this method to modify an existing configuration, you should exercise care to ensure that the syntax is correct. The preferred method for modifying an APPX Audit Log Service configuration is with Method 1 above. When you edit the configuration files for an instance of the APPX Audit Log Service with a text editor, you must restart the service before the changes take effect. | |||||||
Managing an Audit Log ServiceTwo methods are available for managing an existing instance of the APPX Audit Log Service. | ||||||||
Changed: | ||||||||
< < | ||||||||
> > | ||||||||
Method 1 - appxAuditMgr command | ||||||||
Changed: | ||||||||
< < | The appxAuditMgr command can be used to manage an instance of the APPX Audit Log Service. The appxAuditMgr command can be used to start, stop, restart, or display the status of an instance of an APPX Audit Log Service.
Method 2 - O/S ServicesYour operating system includes commands or programs that can be used to manage services. APPX Audit Log Services can be managed with these tools. The actual commands and programs vary depending on your operating system. Red Hat uses the command line tool service | |||||||
> > | The appxAuditMgr command can be used to manage an instance of the APPX Audit Log Service. The appxAuditMgr command can be used to start, stop, restart, or display the status of an instance of an APPX Audit Log Service. The following example shows how to use the appxLogMgr command to check on the status of an APPX Audit Log Service.
[root@500test tools]# appxLogMgr -status logmon-8436 up and running (process 2390 servicing port 8436) Method 2 - O/S Services | |||||||
Changed: | ||||||||
< < | . | |||||||
> > | Your operating system includes commands or programs that can be used to manage services. APPX Audit Log Services can be managed with these tools. The actual commands and programs vary depending on your operating system. Red Hat uses the service command. The following example shows how to use the Red hat service command to check on the status of an APPX Audit Log Service. | |||||||
Changed: | ||||||||
< < | [root@tubes tools]# service appxd-8060 status Warning - the engine that you named has the setuid bit enabled, you may not want that bit set for the authentication method that you have chosen (OS-User) To turn off the setuid bit, chmod u-s ../appx up and running (process 13893 servicing port 8060) [root@tubes tools]# | |||||||
> > | [root@500test tools]# service logmon-8436 status up and running (process 2390 servicing port 8436) | |||||||
Changed: | ||||||||
< < | Notes | |||||||
> > |
Usage (appxAuditMgr)
| |||||||
Added: | ||||||||
> > | After creating the configuration files and the operating system service, the -install command starts the service. -modify -name=SERVICENAME [options]... [VARIABLE=VALUE]...
The -modify command is used to modify the configuration of an existing Audit Log Service. The specified options will be updated in the service configuration files. Any options not specified will not be changed. After updating the configuration files, the -modify command restarts the service. Note that when specifying variables on the command line, you must prefix them with a dash if you are referring to settings such as DisplayName, or without a dash if you are referring to environment variables. Note that the -modify command updates the service configuration file and the environment configuration file by removing the old files and creating new files with the updated options and environment variables. Any comments that may have been manually added to these configuration files are not preserved.-replace -name=SERVICENAME -ServiceType=logmonitor [options]... [VARIABLE=VALUE]... The -replace command is used to replace an existing Audit Log Service with a new Audit Log Service with the same name. The -replace command is effectively the same as a -remove command followed by an -install command. After updating the configuration files, the -replace command restarts the service. Note that when specifying variables on the command line, you must prefix them with a dash if you are referring to settings such as DisplayName, or without a dash if you are referring to environment variables.-remove -name=SERVICENAME The -remove command is used to remove an existing Audit Log Service. The -remove command will remove the configuration files (ini and env) and the corresponding operating system service. If the service is running when the -remove command is executed, the -remove command will first stop the service and then remove the service. Configuration - Options
| |||||||
For example, here is a command to create a log monitor: | ||||||||
Line: 195 to 272 | ||||||||
To define FMS group, go to System Administration, Configuration, Log Profile press F9 to add a new profile. You can name it anything you want. For server name you must give it your server name:port number that you created earlier with appxAuditMgr: | ||||||||
Changed: | ||||||||
< < | ||||||||
> > | ||||||||
Then click on Log File Parameters and make sure you check parameters that you wish to log: | ||||||||
Line: 337 to 414 | ||||||||
Changed: | ||||||||
< < | -- SteveFrizzell - 20 Jun 2008 | |||||||
> > | -- SteveFrizzell - 20 Jun 2008 | |||||||
|