Difference: APPXAuditLog (12 vs. 13)

Revision 13 - 2008-10-28 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Audit Log Feature 

Line: 15 to 15
  The APPX Audit Log Manager ( appxAuditMgr) command is installed automatically when you install APPX on your system. The installer sets the necessary owner and group permissions for the appxAuditMgr command. So, there is nothing additional that you need to do to install the appxAuditMgr command. However, after you install APPX, you will need to run the appxAuditMgr command to configure and start an instance of the APPX Audit Log Service to enable logging of file audit information for APPX sessions.
Changed:
<
<
The appxAuditMgr command is installed into the "tools" subdirectory of the directory where you installed APPX. So, if you installed APPX in "/usr/local/appx", the full pathname of the appxAuditMgr command will be "/usr/local/appx/tools/appxAuditMgr".
>
>
The appxAuditMgr command is installed into the "services" subdirectory of the directory where you installed APPX. So, if you installed APPX in "/usr/local/appx", the full pathname of the appxAuditMgr command will be "/usr/local/appx/services/appxAuditMgr".
  The appxAuditMgr command must run with the permissions of the root user. Therefore, the owner of the appxAuditMgr command should be the root user and the SUID bit should be set so that the appxAuditMgr command can be run by users other than root but still be run with the permissions of the root user.
Line: 23 to 23
 

Changed:
<
<

cd /usr/local/appx/tools

>
>

cd /usr/local/appx/services

 chown root appxAuditMgr chgrp appxgrp appxAuditMgr chmod 4775 appxAuditMgr
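Review bot: The context line kept under the new "cd /usr/local/appx/services" still ends with "chmod 4775 appxAuditMgr", which leaves a root-owned setuid binary writable by every member of appxgrp. Group write is not needed to run the command, so while this step is being edited I would change the mode to 4755 (or 4750 if only appxgrp members should run it). The three commands are also rendered on a single line here; they should appear as separate chown, chgrp and chmod lines so the step cannot be pasted as one chown invocation.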
Line: 62 to 62
 

Service Name 

Changed:
<
<
Each instance of an APPX Audit Log Service must have a unique name. When creating an instance of a service, the -name option may be used to specify the name that you want the service to have. If you do not specify a name, a name will be assigned for you for example, appxd-8060.
>
>
Each instance of an APPX Audit Log Service must have a unique name. When creating an instance of a service, the -name option may be used to specify the name that you want the service to have. If you do not specify a name, a name will be assigned for you for example, appxd-8070.
 

Service Type

When creating an instance of an APPX Audit Log Service, the -ServiceType option must be specified.  The value of this option must be "logmonitor".
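Review bot: In the changed Service Name sentence the default-name example only moved from "appxd-8060" to "appxd-8070", while every other example updated in this revision calls the audit log service "appxLog8070", and the old sample ini pairs the "appxd-" prefix with ServiceType = login. Please confirm which name the command actually assigns when -name is omitted with -ServiceType=logmonitor and use that here. The sentence also needs punctuation before the example: "a name will be assigned for you; for example, ...".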

Line: 84 to 84
  The appxAuditMgr command can be used to manage an instance of the APPX Audit Log Service. The appxAuditMgr command can be used to start, stop, restart, or display the status of an instance of an APPX Audit Log Service. The following example shows how to use the appxLogMgr command to check on the status of an APPX Audit Log Service.

Changed:
<
<

[root@500test tools]# appxLogMgr -status logmon-8436 up and running (process 2390 servicing port 8436)

>
>

[root@500test services]# appxLogMgr -status appxLog8070 up and running (process 2390 servicing port 8070)

 

Method 2 - O/S Services 

Your operating system includes commands or programs that can be used to manage services. APPX Audit Log Services can be managed with these tools. The actual commands and programs vary depending on your operating system. Red Hat uses the service command. The following example shows how to use the Red hat service command to check on the status of an APPX Audit Log Service.


Changed:
<
<

[root@500test tools]# service logmon-8436 status up and running (process 2390 servicing port 8436)

>
>

[root@500test services]# service appxLog8070 status up and running (process 2390 servicing port 8070)

 

Usage (appxAuditMgr)
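Review bot: The first updated status example still invokes "appxLogMgr -status appxLog8070", and the context sentence above it says "the appxLogMgr command", although the same paragraph and the Usage heading name the tool appxAuditMgr. Only the prompt directory and service name were updated; the command name should be made consistent in both the sentence and the example. In both examples the command and its output ("up and running (process 2390 servicing port 8070)") share one line, so the output should be moved to its own line.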

Line: 202 to 202
  Example 2 - Configure and start a new instance of the Audit Log Service that will listen for audit log requests on port 8070.  The service name and descriptive name are also specified.
Changed:
<
<
appxAuditMgr -install -port=8070 -name=appx8070 -displayName="Appx-Audit-Log(8070)" -ServiceType=logmonitor
>
>
appxAuditMgr -install -port=8070 -name=appxLog8070 -displayName="Appx-Audit-Log(8070)" -ServiceType=logmonitor
  Example 2 - Display the status of an instance of the Audit Log Service:
Changed:
<
<
appxAuditMgr -status appx8070
>
>
appxAuditMgr -status appxLog8070
  Example 3 - Shutdown a running instance of the Audit Log Service:
Changed:
<
<
appxAuditMgr -stop appx8070
>
>
appxAuditMgr -stop appxLog8070
  Example 4 - Start a previously configured instance of the Audit Log Service:
Changed:
<
<
appxAuditMgr -start appx8070
>
>
appxAuditMgr -start appxLog8070
  Example 5 - Modify the Display Name and the maximum size of the log of an existing service:
Changed:
<
<
appxLoginMgr -modify -name=appx8070 -displayName="Big Audit Log" -LogRotationSize=10G
>
>
appxLoginMgr -modify -name=appxLog8070 -displayName="Big Audit Log" -LogRotationSize=10G
 

The Configuration File (ini)

Changed:
<
<
Each instance of an APPX Connection Service has a configuration file that is used to store the various parameters relating to that specific instance of the connection service.
>
>
Each instance of an APPX Audit Log Service has a configuration file that is used to store the various parameters relating to that specific instance of the connection service.
  The -install option of the appxLoginMgr command creates the configuration file when the service is created.
Changed:
<
<
The name of the configuration file is the concatenation of the service name and ".ini". For example, if the service name is "appxd-8430", the name of the configuration file will be "appxd-8430.ini".
>
>
The name of the configuration file is the concatenation of the service name and ".ini". For example, if the service name is "appxLog8070", the name of the configuration file will be "appxLog8070.ini".
 
Changed:
<
<
The configuration file is created in whichever directory is your current directory at the time that the appxLoginMgr command is run to create the service. Therefore, before you run the appxLoginMgr command to create a service, you must first change to the directory where you want the configuration file to reside. For example, if you want the configuration file to be created in the APPX tools directory, you should change to the tools directory before you run the appxLoginMgr command.
>
>
The configuration file is created in whichever directory is your current directory at the time that the appxLoginMgr command is run to create the service. Therefore, before you run the appxLoginMgr command to create a service, you must first change to the directory where you want the configuration file to reside. For example, if you want the configuration file to be created in the APPX services directory, you should change to the services directory before you run the appxLoginMgr command.
 
Changed:
<
<
The name of the configuration file and the location of the configuration file should not be changed. The service that is created will not work correctly if the name or the location of the configuration file is changed.
>
>
Once created, the name of the configuration file and the location of the configuration file should not be changed. The service that is created will not work correctly if the name or the location of the configuration file is changed.

Note: The Configuration file for an APPX Audit Log service (as shown below) looks very much like the configuration file for an APPX Login Manager service.  You should ignore the configuration options that do not apply to an APPX Audit Log service.  These irrelevant options are of no consequence and will be removed in a future release. 

 

Changed:
<
<
# Appx connection manager configuration file
>
>

# Appx connection manager configuration file

 #
Changed:
<
<
# You can change this file by hand, or # use the uappxd program for better results
>
>
#   You can change this file by hand, or #   use the uappxd program for better results
 #
Changed:
<
<
# blank lines are ignored
>
>
#   blank lines are ignored
 #
Changed:
<
<
# anything following a '#' is treated as a comment
>
>
#   anything following a '#' is treated as a comment
 #
Changed:
<
<
# case is not important on the left-hand side # properties whose descriptions end in a '?' are # boolean and should be set to true or false # -------------------------------------------------- # AppxApplication = #startup application for spawned engines # AppxDatabase = #startup database for spawned engines AppxExecutable = /usr/local/appx/appx #pathname to Appx engine # AppxProcessName = #startup process name for spawned engines # AppxProcessType = #startup process type for spawned engines AuthenticationMethod = OS-User #authentication method (OS-User, Appx-User, HT-User(filename)) DisplayName = Login-8430 #descriptive name ImpersonateGID = true #change effective grouo ID for spawned engines? ImpersonateGroup = NamedGroup(appxgrp) #[LogonUser, NamedGroup(groupname), ServiceOwner] ImpersonateUID = true #change effective user ID for spawned engines? ImpersonateUser = NamedUser(appx) #[LogonUser, NamedUser(username), ServiceOwner] # IncludeSystemEnv = true #include service environment variables in spawned engines? # LogDirectory = /tmp #directory where log file should reside # LogNamePattern = /tmp/appxlog%N.xml #audit log filename pattern (see man strftime for details # LogRotationInterval = 86400 #number of seconds between audit log rotations # LogRotationSize = 1G #maximum audit log file size # RequireSSL = false #Require SSL-secured connections? # RequireSSLClientCertificates = false #require SSL-client certificates? # ServerCertificateFile = #pathname of server's X509 certificate (leave blank for anonymous connections # ServerPrivateKeyFile = #pathname of server's private key file (unlocks the ServerCertificateFile) # ServerPrivateKeyPassphrase = #passphrase that unlocks ServerPrivateKeyFile # ServiceDisable = false #disable this service? # ServiceDisableAppxKeys = false #disable keyboard mapping? # ServiceDisableFMS = false #disable AppxNET connections? # ServiceDisableLogins = false #disable interactive logins? 
# ServiceEnableCmds = true #allow client-side startup options? ServiceName = appxd-8430 #name of service ServiceType = login #service type (login or logmonitor) SockPort = 8430 #port number to service # SSLMode = optional #SSL connection type (optional, required, disabled) # TCPEnableKeepAlive = true #Enable TCP dead-connection detection # TCPKeepCount = 8 #Maximum number of keep-alive pings # TCPKeepIdle = 300 #Idle time before ping sent to client (in seconds) # TCPKeepInterval = 60 #Interval between keep-alive pings # TCPNoDelay = true #disable TCP packet filling delay? # TrustedCAFile = #determines which client certificates to trust # Umask = #umask (file creation mask) given to spawned engines
>
>
#   case is not important on the left-hand side #   properties whose descriptions end in a '?' are #   boolean and should be set to true or false # --------------------------------------------------

# AppxApplication            =                     #startup application for spawned engines # AppxDatabase               =                     #startup database for spawned engines AppxExecutable               = /usr/local/appx500/appx#pathname to Appx engine # AppxProcessName            =                     #startup process name for spawned engines # AppxProcessType            =                     #startup process type for spawned engines # AuthenticationMethod       = OS-User             #authentication method (OS-User, Appx-User, HT-User(filename)) DisplayName                  = AppxLog8070         #descriptive name # ImpersonateGID             = true                #change effective grouo ID for spawned engines? # ImpersonateGroup           = User                #[LogonUser, NamedGroup(groupname), ServiceOwner] # ImpersonateUID             = true                #change effective user ID for spawned engines? # ImpersonateUser            = LogonUser           #[LogonUser, NamedUser(username), ServiceOwner] # LoadSystemEnvironment      = true                #load default system-defined environment variables into spawned engines? # LogDirectory               = /tmp                #directory where log file should reside # LogNamePattern             = /tmp/appxlog%N.xml  #audit log filename pattern (see man strftime for details # LogRotationInterval        = 86400               #number of seconds between audit log rotations # LogRotationSize            = 1G                  #maximum audit log file size # RequireSSL                 = false               #Require SSL-secured connections? # RequireSSLClientCertificates = false               #require SSL-client certificates? 
# ServerCertificateFile      =                     #pathname of server's X509 certificate (leave blank for anonymous connections # ServerPrivateKeyFile       =                     #pathname of server's private key file (unlocks the ServerCertificateFile) # ServerPrivateKeyPassphrase =                     #passphrase that unlocks ServerPrivateKeyFile # ServiceDisable             = false               #disable this service? # ServiceDisableAppxKeys     = false               #disable keyboard mapping? # ServiceDisableFMS          = false               #disable AppxNET connections? # ServiceDisableLogins       = false               #disable interactive logins? # ServiceEnableCmds          = true                #allow client-side startup options? ServiceName                  = AppxLog8070         #name of service ServiceType                  = logmonitor          #service type (login or logmonitor) SockPort                     = 8070                #port number to service # SSLMode                    = Optional            #SSL connection type (optional, required, disabled) # TCPEnableKeepAlive         = true                #Enable TCP dead-connection detection # TCPKeepCount               = 8                   #Maximum number of keep-alive pings # TCPKeepIdle                = 300                 #Idle time before ping sent to client (in seconds) # TCPKeepInterval            = 60                  #Interval between keep-alive pings # TCPNoDelay                 = true                #disable TCP packet filling delay? # TrustedCAFile              =                     #determines which client certificates to trust # Umask                      =                     #umask (file creation mask) given to spawned engines

 

The Environment File (env)
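Review bot: Several login-manager names survive in lines this hunk rewrites: Example 5 still runs "appxLoginMgr -modify", the Configuration File paragraphs still say "the appxLoginMgr command", and the changed opening sentence now reads "Each instance of an APPX Audit Log Service ... that specific instance of the connection service". These should name appxAuditMgr and the audit log service, or the text should state explicitly that appxLoginMgr is the tool used for logmonitor services. Two smaller points in the same hunk: "Example 2" labels both the install and the status example, and the sample ini sets ServiceName = AppxLog8070 where the commands use appxLog8070, which matters if values are case-sensitive (the file only says case is ignored on the left-hand side). Because this file configures an audit log, the commented-out LogDirectory = /tmp and LogNamePattern = /tmp/appxlog%N.xml lines would benefit from a sentence recommending a dedicated directory writable only by the service instead of the shared /tmp.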

 