Difference: APPXAuditLog (9 vs. 10)

Revision 10 2008-10-15 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Audit Log Feature 

Line: 45 to 45
 -rwsrwxr-x 1 root appxgrp 636843 Jul 11 07:31 appxAuditMgr
Changed:
<
<

Creating and Configuring the APPX Audit Log Service

>
>

Creating and Configuring an Audit Log Service
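Review bot: The unchanged listing line at the top of this hunk shows appxAuditMgr installed setuid root and writable by group appxgrp (-rwsrwxr-x, owner root, group appxgrp), and the page does not say why either bit is needed. Since this revision reworks the setup section, state the intended ownership and mode here and, if group write is not required, show the listing without it so administrators do not treat a group-writable setuid-root binary as the expected state.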

 
Changed:
<
<
On Unix/Linux systems, an instance of the APPX Audit Log Service is initially created, configured, and started by running the appxAuditMgr command with the -install option. At least one appropriately configured instance of the APPX Audit Log Service must be created, configured, and started before running an APPX session for which file I/O activity is to be logged. You may create, configure, and start as many different instances of the APPX Audit Log Service as you desire. However, each concurrently running instance must be configured to receive file I/O audit data on a different TCP/IP port.
>
>
On Unix/Linux systems, an instance of the APPX Audit Log Service is initially created, configured, and started by running the appxAuditMgr command with the -install option. At least one appropriately configured instance of the APPX Audit Log Service must be created, configured, and started before running an APPX session for which file I/O activity is to be logged. You may create, configure, and start as many different instances of the APPX Audit Log Service as you desire. However, each concurrently running instance must be configured to receive file I/O audit data on a different TCP/IP port.   Each instance of the Audit Log Service will log file I/O activity to a separate xml file.  By creating more than one instance of the APPX Audit Log Service, you can separate the file I/O activity that is logged into separate files by assigning different Log Profiles to FMS groups or individual files.
 

Creating an Audit Log Service

Changed:
<
<
Before file I/O activity can be logged, at least one instance of an APPX Connection Service must be configured and started.
>
>
Before file I/O activity can be logged, at least one instance of an APPX Audit Log Service must be configured and started.
  The -install option of the appxAuditMgr command is used to initially create, configure, and start an instance of the APPX Audit Log Service. The following steps are performed:
  1. A configuration file (ini) is created
Line: 58 to 58
 
  1. A service is created, including required init files and links. ( On Red Hat, /etc/init.d/ )
  2. The service is started
Changed:
<
<
For compete information on using the -install option of the appxAuditMgr command, please refer to the usage section of this page.
>
>
When creating an instance of the APPX Audit Log Service, you must provide the Service Name, Service Type, and TCP/IP Port Number.  For compete information on using the -install option of the appxAuditMgr command, please refer to the usage section of this page.
 

Service Name 
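Review bot: The replacement sentence still reads "For compete information", so the typo for "complete" is carried over from the old text. The added first sentence also says the Service Name, Service Type, and TCP/IP Port Number must all be provided, while the usage section describes two -install forms that each require only a name or only a port, plus the service type, with everything else defaulted. Reword one of the two so they agree.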

Line: 68 to 68
 When creating an instance of an APPX Audit Log Service, the -ServiceType option must be specified.  The value of this option must be "logmonitor".

TCP/IP Port Number

When creating an instance of an APPX Audit Log Service, the -SockPort option must be used to specify the TCP/IP port number on which the service is to listen for audit logging requests. Any available TCP/IP port number may be specified when installing an instance of the APPX Audit Log Service. However, as a matter of convention, most APPX administrators configure the APPX Audit Log Service to listen for connections on port 8070. If additional instances of the APPX Audit Log Service are configured, each instance is typically assigned the next available port number after 8070.
Changed:
<
<

Changing an Audit Log Service

>
>

Changing the Configuration of an Audit Log Service

  Two methods are available for modifying an existing instance of an APPX Audit Log Service.

Method 1 - The APPX Audit Log Manager Command (appxAuditMgr)

The -modify command and the -replace command of the appxAuditMgr tool can be used to modify or replace a previously configured instance of the APPX Audit Log Service. These options update the existing APPX Audit Log Service configuration files (ini and env) with the options specified. If you use this technique, the service will be automatically restarted for you, using the new settings. Note that when specifying options on the command line, you must prefix them with a dash.

Method 2 - Text Editor

Changed:
<
<
A text editor can be used to directly edit the APPX Audit Log Service configuration files (ini and env). The configuration files include comments to help you make the desired changes. If you use this method to modify an existing configuration, you should exercise care to ensure that the syntax is correct. The preferred method for modifying an APPX Audit Log Service configuration is with Method 1 above.
>
>
A text editor can be used to directly edit the APPX Audit Log Service configuration files (ini and env). The configuration files include comments to help you make the desired changes. If you use this method to modify an existing configuration, you should exercise care to ensure that the syntax is correct. The preferred method for modifying an APPX Audit Log Service configuration is with Method 1 above.  When you edit the configuration files for an instance of the APPX Audit Log Service with a text editor, you must restart the service before the changes take effect.
 

Managing an Audit Log Service

Two methods are available for managing an existing instance of the APPX Audit Log Service.

Changed:
<
<
>
>
 

Method 1 - appxAuditMgr command

Changed:
<
<
The appxAuditMgr command can be used to manage an instance of the APPX Audit Log Service. The appxAuditMgr command can be used to start, stop, restart, or display the status of an instance of an APPX Audit Log Service.

Method 2 - O/S Services

Your operating system includes commands or programs that can be used to manage services. APPX Audit Log Services can be managed with these tools. The actual commands and programs vary depending on your operating system. Red Hat uses the command line tool service

>
>
The appxAuditMgr command can be used to manage an instance of the APPX Audit Log Service. The appxAuditMgr command can be used to start, stop, restart, or display the status of an instance of an APPX Audit Log Service. The following example shows how to use the appxLogMgr command to check on the status of an APPX Audit Log Service.

[root@500test tools]# appxLogMgr -status logmon-8436 up and running (process 2390 servicing port 8436)

Method 2 - O/S Services 
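Review bot: The added sentence and example use appxLogMgr ("use the appxLogMgr command", "appxLogMgr -status logmon-8436"), but the same paragraph and the rest of the page name the tool appxAuditMgr. Unless appxLogMgr is a separate binary, change both to appxAuditMgr. The example would also read better with the prompt and command on one line and the "up and running" output on the next.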

 
Changed:
<
<
.
>
>
Your operating system includes commands or programs that can be used to manage services. APPX Audit Log Services can be managed with these tools. The actual commands and programs vary depending on your operating system. Red Hat uses the service command. The following example shows how to use the Red hat service command to check on the status of an APPX Audit Log Service.
 

Changed:
<
<
[root@tubes tools]# service appxd-8060 status Warning - the engine that you named has the setuid bit enabled, you may not want that bit set for the authentication method that you have chosen (OS-User) To turn off the setuid bit, chmod u-s ../appx up and running (process 13893 servicing port 8060) [root@tubes tools]#
>
>

[root@500test tools]# service logmon-8436 status up and running (process 2390 servicing port 8436)

 
Changed:
<
<

Notes

>
>

Usage (appxAuditMgr)

Synopsis - Service Configuration

The appxAuditMgr service configuration commands are used to create, configure, and remove an instance of an APPX Audit Log Service.

appxAuditMgr -install -ServiceType=logmonitor -SockPort=[TCP-Port] [options]... [VARIABLE=VALUE]...

appxLoginMgr -modify -serviceName=SERVICENAME [options]... [VARIABLE=VALUE]...

appxLoginMgr -replace -serviceName=SERVICENAME -ServiceType=logmonitor [options]... [VARIABLE=VALUE]...

appxLoginMgr -remove -serviceName=SERVICENAME

Configuration - Commands

-install -name=SERVICENAME -ServiceType=logmonitor [options]... [VARIABLE=VALUE]...

-install -port=PORT -ServiceType=logmonitor [options]... [VARIABLE=VALUE]...

The -install command is used to configure a new instance of an APPX Audit Log Service. Either form of the install command may be used.

The first form of the -install command requires only that a service name and service type be specified. All other options are optional including the TCP/IP port. Any option not specified will be configured with an appropriate default value.

The second form of the -install command requires only that a TCP/IP port and service type be specified. All other options are optional including the ServiceName. Any option not specified will be configured with an appropriate default value.

Both forms of the -install command allow additional configuration options to be specified. The configuration options specified are stored in the service configuration file (ini).

Both forms of the -install command optionally allow values to be specified for environment variables. If specified, the environment variables and their values are stored in the environment configuration file (env). There is currently no need to set any environment variables.

In addition to creating the service configuration file and the environment configuration file, the -install command also creates an operating system service that will be automatically started when the computer system is started.
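Review bot: In the new synopsis, the -modify, -replace and -remove lines invoke appxLoginMgr with -serviceName, while the -install line invokes appxAuditMgr and the command descriptions below use -name. Use appxAuditMgr throughout and pick one spelling of the name option. The -install synopsis also shows -SockPort as mandatory, which does not match the first -install form described below, where only a name and service type are required.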

 
Added:
>
>
After creating the configuration files and the operating system service, the -install command starts the service. -modify -name=SERVICENAME [options]... [VARIABLE=VALUE]...

The -modify command is used to modify the configuration of an existing Audit Log Service. The specified options will be updated in the service configuration files. Any options not specified will not be changed. After updating the configuration files, the -modify command restarts the service.

Note that when specifying variables on the command line, you must prefix them with a dash if you are referring to settings such as DisplayName, or without a dash if you are referring to environment variables.

Note that the -modify command updates the service configuration file and the environment configuration file by removing the old files and creating new files with the updated options and environment variables.  Any comments that may have been manually added to these configuration files are not preserved.

-replace -name=SERVICENAME -ServiceType=logmonitor [options]... [VARIABLE=VALUE]...

The -replace command is used to replace an existing Audit Log Service with a new Audit Log Service with the same name. The -replace command is effectively the same as a -remove command followed by an -install command. After updating the configuration files, the -replace command restarts the service. Note that when specifying variables on the command line, you must prefix them with a dash if you are referring to settings such as DisplayName, or without a dash if you are referring to environment variables.

-remove -name=SERVICENAME

The -remove command is used to remove an existing Audit Log Service. The -remove command will remove the configuration files (ini and env) and the corresponding operating system service. If the service is running when the -remove command is executed, the -remove command will first stop the service and then remove the service.

Configuration - Options

Options - General
-name, -ServiceName=SERVICENAME
The ServiceName uniquely identifies an APPX Audit Log Service. When creating (installing) an Audit Log Service, the SERVICENAME value may be any string value that conforms to the rules for valid filenames on your server. If this option is omitted when an Audit Log Service is being created, the Audit Log Service will be created with a default ServiceName based on the following template: "appxd-" followed by the specified TCP/IP port number, e.g "appxd-8060".

-DisplayName=DISPLAYNAME

The DisplayName is a "user-friendly" descriptive name for an Audit Log Service. The DISPLAYNAME value will appear in your system's Services control panel and will be displayed by the ps command. If you don't specify a DISPLAYNAME when an Audit Log Service is being created, the Audit Log Service will be created with a DISPLAYNAME based on the SERVICENAME.

-LogDirectory={/tmp, LOGDIR}

When the service is started, two log files are created in the LOGDIR directory - an Audit Log Service log file (.log) and a status file (.stat). Both log files have the same name as the ServiceName but one has a file extension of .log and the other has a file extension of .stat. If the LogDirectory option is not specified, the log files are created in the /tmp directory.

-ServiceType=logmonitor

The only valid value when configuring an Audit Log Service is "logmonitor". Note: This option must be specified.

-ServiceDisable={true, false}

This option can be used to temporarily disable or "turn off" the Audit Log Service. If set to true, the Audit Log Service will still run but it will not accept requests to log data from APPX sessions.

-initScript={lsb, RedHat}

Used with -install option to specify the type of operating system that the service script is to be created for. If this option is not specified, appxAuditMgr will determine which type of service script to install.
Options - Audit Log
-LogNamePattern={/tmp/logmon%N.xml, AUDITLOGPATHNAME}

The LogNamePattern identifies the path and the file name for the audit log files that will be created by the Audit Log Service.  The file name can include a pattern to ensure that each file created by the Audit Log Service will have a unique name.

-LogRotationInterval={86400, MAXSECONDS}

The LogRotationInterval identifies the maximum time in seconds that an Audit Log file should be used before being closed and a new audit log file is created.  The default value of 86000 is the number of seconds in one day so, by default, the Audit Log Service will create a new audit log file each day

-LogRotationSize={1G, MAXSIZE}

The LogRotationSize is the maximum size that an Audit Log file is allowed to be.  When an audit log file reaches the specified MAXSIZE, it will be closed and a new audit log file will be created.
Options - TCP/IP
-port, -SockPort={8060, PORT}
Configure the service to listen for connection requests on the specified TCP/IP PORT number. This option is required with the -install option. You may choose any TCP/IP PORT number that is not reserved or already being used on your system.

Notes

 For example, here is a command to create a log monitor:
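Review bot: The -LogRotationInterval description says "The default value of 86000 is the number of seconds in one day", but the option line gives the default as 86400, which is the actual number of seconds in a day. Other points in this block: the default ServiceName template is documented as "appxd-" plus the port (e.g. "appxd-8060") although the examples on this page use logmon-8436; -SockPort lists 8060 as its default while the earlier section gives 8070 as the conventional audit log port; and the "-modify -name=SERVICENAME ..." command heading is fused onto the end of the preceding -install paragraph. -LogDirectory and -LogNamePattern both default to /tmp, which is world-writable, so a sentence recommending a directory writable only by the service account would suit an audit log.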
Line: 195 to 272
  To define FMS group, go to System Administration, Configuration, Log Profile press F9 to add a new profile. You can name it anything you want. For server name you must give it your server name:port number that you created earlier with appxAuditMgr:
Changed:
<
<
@0 1 0" _moz-userdefined="">@1" _moz-userdefined="">@2 1 2" _moz-userdefined="">@3 21600 pixelWidth" _moz-userdefined="">@3 21600 pixelHeight" _moz-userdefined="">@0 0 1" _moz-userdefined="">servername:8064
>
>
@0 1 0" _moz-userdefined="">@1" _moz-userdefined="">@2 1 2" _moz-userdefined="">@3 21600 pixelWidth" _moz-userdefined="">@3 21600 pixelHeight" _moz-userdefined="">@0 0 1" _moz-userdefined="">servername:8064
  Then click on Log File Parameters and make sure you check parameters that you wish to log:
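Review bot: Both the old and new versions of the changed line carry editor markup residue (repeated "_moz-userdefined" attribute fragments) in front of servername:8064, so the only meaningful text is the server:port value. Strip the residue from the topic source so the example reads as plain servername:8064.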
Line: 337 to 414
 
<--/commentPlugin-->
Changed:
<
<
-- SteveFrizzell - 20 Jun 2008
>
>
-- SteveFrizzell - 20 Jun 2008
 
META FILEATTACHMENT attachment="structure.xslt" attr="" comment="xslt program to extract file create events" date="1219770121" name="structure.xslt" path="structure.xslt" size="1629" stream="structure.xslt" user="Main.JeanNeron" version="1"
META FILEATTACHMENT attachment="subrs.xslt" attr="" comment="xslt program to extract subroutine calls" date="1219770177" name="subrs.xslt" path="subrs.xslt" size="1866" stream="subrs.xslt" user="Main.JeanNeron" version="1"
 