Difference: APPXAuditLog (8 vs. 9)

Revision 9 2008-10-14 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"
Changed:
<
<

APPX Audit Log

>
>

APPX Audit Log Feature 

 
Changed:
<
<
This page describes how to install the APPX Audit Log Manager and how to use it to install, configure, and manage APPX Audit Log Services on Unix/Linux systems.
>
>
This page describes the APPX Audit Log feature and provides instructions for enabling the APPX Audit Log feature.
 

Overview

Changed:
<
<
The APPX Audit Log feature creates an xml log of APPX file activity.  The feature can be enabled for individual files or for groups of files using the FMS group feature of APPX.  The level of detail can be configured to optionally include read, write, rewrite, delete, create, and restructure events.
>
>
The APPX Audit Log feature creates an xml log of APPX file I/O activity.  The feature can be enabled for individual files or for groups of files using the FMS group feature of APPX.  The level of activity detail logged can be configured to optionally include read, write, rewrite, delete, create, and restructure events.

To enable the APPX Audit Log feature, you must configure and start an instance of the APPX Audit Log Service, you must define a Log Profile in APPX System Administration, and you must assign the Log Profile to an FMS Group or to individual files. The APPX Audit Log Service receives logging requests from the various APPX sessions and writes the audit data to the log file.

 

Installing the APPX Audit Log Manager Command ( appxAuditMgr)

The APPX Audit Log Manager ( appxAuditMgr) command is installed automatically when you install APPX on your system. The installer sets the necessary owner and group permissions for the appxAuditMgr command. So, there is nothing additional that you need to do to install the appxAuditMgr command. However, after you install APPX, you will need to run the appxAuditMgr command to configure and start an instance of the APPX Audit Log Service to enable logging of file audit information for APPX sessions.

Line: 17 to 19
  The appxAuditMgr command must run with the permissions of the root user. Therefore, the owner of the appxAuditMgr command should be the root user and the SUID bit should be set so that the appxAuditMgr command can be run by users other than root but still be run with the permissions of the root user.
Changed:
<
<
In the event that it is necessary to reset the permissions on the appxAuditMgr command, the following commands can be run by the root user to set the necessary owner and group permissions for the appxLoginMgr command.
>
>
In the event that it is necessary to reset the permissions of the appxAuditMgr command, the following commands can be run by the root user to set the necessary owner and group permissions for the appxAuditMgr command.
 
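Review bot: the corrected sentence still does not say what owner, group and mode the reset should leave on appxAuditMgr, which matters because the paragraph above requires it to be SUID root and runnable "by users other than root". State the intended group and mode next to the reset commands, and prefer a mode that leaves write access to root only. The sample listing that follows shows -rwsrwxr-x with group appxgrp, which gives that group write access to a SUID-root file.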

Line: 43 to 45
 -rwsrwxr-x 1 root appxgrp 636843 Jul 11 07:31 appxAuditMgr
Changed:
<
<

Overview x

>
>

Creating and Configuring the APPX Audit Log Service

On Unix/Linux systems, an instance of the APPX Audit Log Service is initially created, configured, and started by running the appxAuditMgr command with the -install option. At least one appropriately configured instance of the APPX Audit Log Service must be created, configured, and started before running an APPX session for which file I/O activity is to be logged. You may create, configure, and start as many different instances of the APPX Audit Log Service as you desire. However, each concurrently running instance must be configured to receive file I/O audit data on a different TCP/IP port.

Creating an Audit Log Service

Before file I/O activity can be logged, at least one instance of an APPX Connection Service must be configured and started.

The -install option of the appxAuditMgr command is used to initially create, configure, and start an instance of the APPX Audit Log Service. The following steps are performed:

  1. A configuration file (ini) is created
  2. An environment file (env) is created
  3. A service is created, including required init files and links. ( On Red Hat, /etc/init.d/ )
  4. The service is started

For compete information on using the -install option of the appxAuditMgr command, please refer to the usage section of this page.

Service Name 

Each instance of an APPX Audit Log Service must have a unique name. When creating an instance of a service, the -name option may be used to specify the name that you want the service to have. If you do not specify a name, a name will be assigned for you for example, appxd-8060.

Service Type

When creating an instance of an APPX Audit Log Service, the -ServiceType option must be specified.  The value of this option must be "logmonitor".

TCP/IP Port Number

When creating an instance of an APPX Audit Log Service, the -SockPort option must be used to specify the TCP/IP port number on which the service is to listen for audit logging requests. Any available TCP/IP port number may be specified when installing an instance of the APPX Audit Log Service. However, as a matter of convention, most APPX administrators configure the APPX Audit Log Service to listen for connections on port 8070. If additional instances of the APPX Audit Log Service are configured, each instance is typically assigned the next available port number after 8070.

Changing an Audit Log Service

Two methods are available for modifying an existing instance of an APPX Audit Log Service.

Method 1 - The APPX Audit Log Manager Command (appxAuditMgr)

The -modify command and the -replace command of the appxAuditMgr tool can be used to modify or replace a previously configured instance of the APPX Audit Log Service. These options update the existing APPX Audit Log Service configuration files (ini and env) with the options specified. If you use this technique, the service will be automatically restarted for you, using the new settings. Note that when specifying options on the command line, you must prefix them with a dash.

Method 2 - Text Editor

A text editor can be used to directly edit the APPX Audit Log Service configuration files (ini and env). The configuration files include comments to help you make the desired changes. If you use this method to modify an existing configuration, you should exercise care to ensure that the syntax is correct. The preferred method for modifying an APPX Audit Log Service configuration is with Method 1 above.

Managing an Audit Log Service

 
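Review bot: the "TCP/IP Port Number" section tells the administrator to choose a port with -SockPort but does not say which interface the service listens on or which hosts are expected to send audit logging requests, so the reader cannot tell what to permit in a host firewall; add a sentence covering that. Under "Creating an Audit Log Service" the prerequisite names "an APPX Connection Service", which does not match the section's subject and probably should read "APPX Audit Log Service". The default name example "appxd-8060" also sits oddly beside the stated port convention of 8070, and "For compete information" should be "complete".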
Changed:
<
<
A new service has been added in Release 5.0 - appxAuditMgr. It accepts the same command parameters as appxLoginMgr, with the addition of the --serviceType=logmonitor flag that indicates it is to run as a log monitor, not a login manager. The appxAuditMgr program is located in the services directory of your Appx installation. For example, here is a command to create a log monitor:
>
>
Two methods are available for managing an existing instance of the APPX Audit Log Service.

Method 1 - appxAuditMgr command

The appxAuditMgr command can be used to manage an instance of the APPX Audit Log Service. The appxAuditMgr command can be used to start, stop, restart, or display the status of an instance of an APPX Audit Log Service.

Method 2 - O/S Services

Your operating system includes commands or programs that can be used to manage services. APPX Audit Log Services can be managed with these tools. The actual commands and programs vary depending on your operating system. Red Hat uses the command line tool service

.

[root@tubes tools]# *service appxd-8060 status*
Warning - the engine that you named has the setuid bit enabled,
          you may not want that bit set for the authentication
          method that you have chosen (OS-User)
     To turn off the setuid bit, chmod u-s ../appx
up and running (process 13893 servicing port 8060)
[root@tubes tools]# 

Notes

For example, here is a command to create a log monitor:

 

./appxAuditMgr -install -serviceType=logmonitor -name=myLogMonitor -port=8064
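Review bot: the example command at the end passes the port as -port=8064, while the "TCP/IP Port Number" section says the -SockPort option must be used; use one spelling in both places, or document that both are accepted. The "service appxd-8060 status" sample also does not match the example: it reports port 8060 rather than 8064, and its warning concerns the engine's setuid bit and the OS-User authentication method, which nothing else in this text ties to a log monitor. Replace it with output captured from an instance created with -serviceType=logmonitor, and remove the stray "." left on its own line after "command line tool service".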

Line: 141 to 195
  To define FMS group, go to System Administration, Configuration, Log Profile press F9 to add a new profile. You can name it anything you want. For server name you must give it your server name:port number that you created earlier with appxAuditMgr:
Changed:
<
<
@0 1 0" _moz-userdefined="">@1" _moz-userdefined="">@2 1 2" _moz-userdefined="">@3 21600 pixelWidth" _moz-userdefined="">@3 21600 pixelHeight" _moz-userdefined="">@0 0 1" _moz-userdefined="">servername:8064
>
>
@0 1 0" _moz-userdefined="">@1" _moz-userdefined="">@2 1 2" _moz-userdefined="">@3 21600 pixelWidth" _moz-userdefined="">@3 21600 pixelHeight" _moz-userdefined="">@0 0 1" _moz-userdefined="">servername:8064
  Then click on Log File Parameters and make sure you check parameters that you wish to log:
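Review bot: both the old and the new side of this change carry pasted markup residue (the run of _moz-userdefined="" attributes and "@0 1 0" fragments) in front of "servername:8064", so the revision does not fix the line that shows the reader what to type. Reduce it to the plain value servername:8064, and say that the port must be the one given to appxAuditMgr when the log monitor was installed.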
 