Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Changed: | ||||||||
< < | APPX Audit Log | |||||||
> > | APPX Audit Log Feature | |||||||
Changed: | ||||||||
< < | This page describes how to install the APPX Audit Log Manager and how to use it to install, configure, and manage APPX Audit Log Services on Unix/Linux systems. | |||||||
> > | This page describes the APPX Audit Log feature and provides instructions for enabling the APPX Audit Log feature. | |||||||
Overview | ||||||||
Changed: | ||||||||
< < | The APPX Audit Log feature creates an xml log of APPX file activity. The feature can be enabled for individual files or for groups of files using the FMS group feature of APPX. The level of detail can be configured to optionally include read, write, rewrite, delete, create, and restructure events. | |||||||
> > | The APPX Audit Log feature creates an xml log of APPX file I/O activity. The feature can be enabled for individual files or for groups of files using the FMS group feature of APPX. The level of activity detail logged can be configured to optionally include read, write, rewrite, delete, create, and restructure events. To enable the APPX Audit Log feature, you must configure and start an instance of the APPX Audit Log Service, you must define a Log Profile in APPX System Administration, and you must assign the Log Profile to an FMS Group or to individual files. The APPX Audit Log Service receives logging requests from the various APPX sessions and writes the audit data to the log file. | |||||||
Installing the APPX Audit Log Manager Command ( appxAuditMgr)The APPX Audit Log Manager ( appxAuditMgr) command is installed automatically when you install APPX on your system. The installer sets the necessary owner and group permissions for the appxAuditMgr command. So, there is nothing additional that you need to do to install the appxAuditMgr command. However, after you install APPX, you will need to run the appxAuditMgr command to configure and start an instance of the APPX Audit Log Service to enable logging of file audit information for APPX sessions. | ||||||||
Line: 17 to 19 | ||||||||
The appxAuditMgr command must run with the permissions of the root user. Therefore, the owner of the appxAuditMgr command should be the root user and the SUID bit should be set so that the appxAuditMgr command can be run by users other than root but still be run with the permissions of the root user. | ||||||||
Changed: | ||||||||
< < | In the event that it is necessary to reset the permissions on the appxAuditMgr command, the following commands can be run by the root user to set the necessary owner and group permissions for the appxLoginMgr command. | |||||||
> > | In the event that it is necessary to reset the permissions of the appxAuditMgr command, the following commands can be run by the root user to set the necessary owner and group permissions for the appxAuditMgr command. | |||||||
| ||||||||
Line: 43 to 45 | ||||||||
-rwsrwxr-x 1 root appxgrp 636843 Jul 11 07:31 appxAuditMgr | ||||||||
Changed: | ||||||||
< < | Overview x | |||||||
> > | Creating and Configuring the APPX Audit Log ServiceOn Unix/Linux systems, an instance of the APPX Audit Log Service is initially created, configured, and started by running the appxAuditMgr command with the -install option. At least one appropriately configured instance of the APPX Audit Log Service must be created, configured, and started before running an APPX session for which file I/O activity is to be logged. You may create, configure, and start as many different instances of the APPX Audit Log Service as you desire. However, each concurrently running instance must be configured to receive file I/O audit data on a different TCP/IP port.Creating an Audit Log ServiceBefore file I/O activity can be logged, at least one instance of an APPX Connection Service must be configured and started. The -install option of the appxAuditMgr command is used to initially create, configure, and start an instance of the APPX Audit Log Service. The following steps are performed:
Changing an Audit Log ServiceTwo methods are available for modifying an existing instance of an APPX Audit Log Service.
Managing an Audit Log Service | |||||||
Changed: | ||||||||
< < | A new service has been added in Release 5.0 - appxAuditMgr. It accepts the same command parameters as appxLoginMgr, with the addition of the --serviceType=logmonitor flag that indicates it is to run as a log monitor, not a login manager. The appxAuditMgr program is located in the services directory of your Appx installation. For example, here is a command to create a log monitor: | |||||||
> > | Two methods are available for managing an existing instance of the APPX Audit Log Service.
. [root@tubes tools]# *service appxd-8060 status* Warning - the engine that you named has the setuid bit enabled, you may not want that bit set for the authentication method that you have chosen (OS-User) To turn off the setuid bit, chmod u-s ../appx up and running (process 13893 servicing port 8060) [root@tubes tools]# NotesFor example, here is a command to create a log monitor: | |||||||
./appxAuditMgr -install -serviceType=logmonitor -name=myLogMonitor -port=8064 | ||||||||
Line: 141 to 195 | ||||||||
To define FMS group, go to System Administration, Configuration, Log Profile press F9 to add a new profile. You can name it anything you want. For server name you must give it your server name:port number that you created earlier with appxAuditMgr: | ||||||||
Changed: | ||||||||
< < | ||||||||
> > | ||||||||
Then click on Log File Parameters and make sure you check parameters that you wish to log: |