You can set the ownership and permissions of the appxAuditMgr command by running the following commands:

    cd /usr/local/appx/services
    chown root appxAuditMgr
    chgrp appxgrp appxAuditMgr
    chmod 4775 appxAuditMgr

Mode 4775 sets the setuid bit, so appxAuditMgr runs with root's effective user ID regardless of who invokes it, and the file remains writable by members of appxgrp.

The recommended permissions should be as follows:

    ls -l appxAuditMgr
    -rwsrwxr-x 1 root appxgrp 636843 Jul 11 07:31 appxAuditMgr

    [root@500test services]# ./appxAuditMgr -status appxLog8070
    up and running (process 2390 servicing port 8070)
    [root@500test services]# service appxLog8070 status
    up and running (process 2390 servicing port 8070)

Synopsis - Service Configuration
The appxAuditMgr service configuration commands are used to create, configure, and remove an instance of an APPX Audit Log Service.

    appxAuditMgr -install -serviceName=SERVICENAME -ServiceType=logmonitor -SockPort=[TCP-Port] [options]... [VARIABLE=VALUE]...
    appxAuditMgr -modify -serviceName=SERVICENAME [options]... [VARIABLE=VALUE]...
    appxAuditMgr -replace -serviceName=SERVICENAME -ServiceType=logmonitor [options]... [VARIABLE=VALUE]...
    appxAuditMgr -remove -serviceName=SERVICENAME

Configuration - Commands
    -install -name=SERVICENAME -ServiceType=logmonitor [options]... [VARIABLE=VALUE]...
    -install -port=PORT -ServiceType=logmonitor [options]... [VARIABLE=VALUE]...

The -install command is used to configure a new instance of an APPX Audit Log Service. Either form of the install command may be used.

The first form of the -install command requires only that a service name and service type be specified. All other options are optional including the TCP/IP port. Any option not specified will be configured with an appropriate default value.

The second form of the -install command requires only that a TCP/IP port and service type be specified. All other options are optional including the ServiceName. Any option not specified will be configured with an appropriate default value.

Both forms of the -install command allow additional configuration options to be specified. The configuration options specified are stored in the service configuration file (ini).

Both forms of the -install command optionally allow values to be specified for environment variables. If specified, the environment variables and their values are stored in the environment configuration file (env). There is currently no need to set any environment variables.

In addition to creating the service configuration file and the environment configuration file, the -install command also creates an operating system service that will be automatically started when the computer system is started. After creating the configuration files and the operating system service, the -install command starts the service.

    -modify -name=SERVICENAME [options]... [VARIABLE=VALUE]...

The -modify command is used to modify the configuration of an existing Audit Log Service. The specified options will be updated in the service configuration files. Any options not specified will not be changed. After updating the configuration files, the -modify command restarts the service.

Note that when specifying variables on the command line, you must prefix them with a dash if you are referring to settings such as DisplayName, and omit the dash if you are referring to environment variables.

Note that the -modify command updates the service configuration file and the environment configuration file by removing the old files and creating new files with the updated options and environment variables. Any comments that may have been manually added to these configuration files are not preserved.

    -replace -name=SERVICENAME -ServiceType=logmonitor [options]... [VARIABLE=VALUE]...

The -replace command is used to replace an existing Audit Log Service with a new Audit Log Service with the same name. The -replace command is effectively the same as a -remove command followed by an -install command. After updating the configuration files, the -replace command restarts the service.

Note that when specifying variables on the command line, you must prefix them with a dash if you are referring to settings such as DisplayName, and omit the dash if you are referring to environment variables.

    -remove -name=SERVICENAME

The -remove command is used to remove an existing Audit Log Service. The -remove command will remove the configuration files (ini and env) and the corresponding operating system service. If the service is running when the -remove command is executed, the -remove command will first stop the service and then remove the service.

Configuration - Options
Options - General

    -name, -ServiceName=SERVICENAME

The ServiceName uniquely identifies an APPX Audit Log Service. When creating (installing) an Audit Log Service, the SERVICENAME value may be any string value that conforms to the rules for valid filenames on your server. If this option is omitted when an Audit Log Service is being created, the Audit Log Service will be created with a default ServiceName based on the following template: "appxd-" followed by the specified TCP/IP port number, e.g. "appxd-8060".

    -DisplayName=DISPLAYNAME

The DisplayName is a "user-friendly" descriptive name for an Audit Log Service. The DISPLAYNAME value will appear in your system's Services control panel and will be displayed by the ps command. If you don't specify a DISPLAYNAME when an Audit Log Service is being created, the Audit Log Service will be created with a DISPLAYNAME based on the SERVICENAME.

    -LogDirectory={/tmp, LOGDIR}

When the service is started, two log files are created in the LOGDIR directory - an Audit Log Service log file (.log) and a status file (.stat). Both log files have the same name as the ServiceName but one has a file extension of .log and the other has a file extension of .stat. If the LogDirectory option is not specified, the log files are created in the /tmp directory.

    -ServiceType=logmonitor

The only valid value when configuring an Audit Log Service is "logmonitor". Note: This option must be specified.

    -ServiceDisable={true, false}

This option can be used to temporarily disable or "turn off" the Audit Log Service. If set to true, the Audit Log Service will still run but it will not accept requests to log data from APPX sessions.

    -initScript={lsb, RedHat}

Used with the -install option to specify the type of operating system that the service script is to be created for. If this option is not specified, appxAuditMgr will determine which type of service script to install.

Options - Audit Log
    -LogNamePattern={/tmp/logmon%N.xml, AUDITLOGPATHNAME}

The LogNamePattern identifies the path and the file name for the audit log files that will be created by the Audit Log Service. The value of AUDITLOGPATHNAME can include a pattern to ensure that the name of each file created by the Audit Log Service will be unique.

    -LogRotationInterval={86400, MAXSECONDS}

The LogRotationInterval identifies the maximum time in seconds that an Audit Log file should be used before being closed and a new audit log file is created. The default value of 86400 is the number of seconds in one day so, by default, the Audit Log Service will create a new audit log file each day.

    -LogRotationSize={1G, MAXSIZE}

The LogRotationSize is the maximum size that an Audit Log file is allowed to be. When an audit log file reaches the specified MAXSIZE, it will be closed and a new audit log file will be created.

Options - TCP/IP
    -port, -SockPort={8060, PORT}

Configure the service to listen for audit log requests on the specified TCP/IP PORT number. This option is required with the -install option. You may choose any TCP/IP PORT number that is not reserved or already being used on your system.

    VARIABLE=VALUE

You can include a space-separated list of environment variables at the end of the command line when you use the -install option. These environment variables will be saved in the env file that is created. There is currently no reason to use this feature.

    appxAuditMgr [-start | -stop | -restart | -status] {SERVICENAME | -serviceName=SERVICENAME}

MANAGEMENT OPTIONS

    -start | <blank>

Start an instance of the Audit Log Service using the configuration information in the SERVICENAME.ini and the SERVICENAME.env files.

    -stop

Stop the instance of the Audit Log Service that was started with the SERVICENAME.ini file.

    -restart

Restart (stop and then start) the instance of the Audit Log Service that was started with the SERVICENAME.ini file.

    -status

Report the status of the instance of the Audit Log Service that was started with the SERVICENAME.ini file.

EXAMPLES

Example 1 - Configure and start a new instance of the Audit Log Service that will listen for audit log requests on port 8070:

    appxAuditMgr -install -name=appxLog8070 -port=8070 -ServiceType=logmonitor

Example 2 - Configure and start a new instance of the Audit Log Service that will listen for audit log requests on port 8070. The service name and descriptive name are also specified:

    appxAuditMgr -install -port=8070 -name=appxLog8070 -displayName="Appx-Audit-Log(8070)" -ServiceType=logmonitor

Example 3 - Display the status of an instance of the Audit Log Service:

    appxAuditMgr -status appxLog8070

Example 4 - Shut down a running instance of the Audit Log Service:

    appxAuditMgr -stop appxLog8070

Example 5 - Start a previously configured instance of the Audit Log Service:

    appxAuditMgr -start appxLog8070

Example 6 - Modify the Display Name and the maximum size of the log of an existing service:

    appxAuditMgr -modify -name=appxLog8070 -displayName="Big Audit Log" -LogRotationSize=10G

    [root@localhost services]# ./appxAuditMgr -install -name=appxLog8070 -port=8070 -ServiceType=logmonitor
    Configuration written to: appxLog8070.ini
    Environment written to: appxLog8070.env
    Service script written to: /etc/init.d/appxLog8070
    Configuration complete
    Registering service
    Starting appxLog8070: serviceName: appxLog8070
    servicePath: /usr/local/appx500/services/
    Looking for config file in appxLog8070.ini
    Writing process ID to /var/run/appxLog8070.pid
    running as process 12859 servicing port 8070
    up and running (process 12859 servicing port 8070)
    Installation Complete

    # Appx connection manager configuration file
    #
    # You can change this file by hand, or
    # use the uappxd program for better results
    #
    # blank lines are ignored
    #
    # anything following a '#' is treated as a comment
    #
    # case is not important on the left-hand side
    # properties whose descriptions end in a '?' are
    # boolean and should be set to true or false
    # --------------------------------------------------
    # AppxApplication = #startup application for spawned engines
    # AppxDatabase = #startup database for spawned engines
    AppxExecutable = /usr/local/appx500/appx #pathname to Appx engine
    # AppxProcessName = #startup process name for spawned engines
    # AppxProcessType = #startup process type for spawned engines
    # AuthenticationMethod = OS-User #authentication method (OS-User, Appx-User, HT-User(filename))
    DisplayName = appxLog8070 #descriptive name
    # ImpersonateGID = true #change effective grouo ID for spawned engines?
    # ImpersonateGroup = User #[LogonUser, NamedGroup(groupname), ServiceOwner]
    # ImpersonateUID = true #change effective user ID for spawned engines?
    # ImpersonateUser = LogonUser #[LogonUser, NamedUser(username), ServiceOwner]
    # LoadSystemEnvironment = true #load default system-defined environment variables into spawned engines?
    # LogDirectory = /tmp #directory where log file should reside
    # LogNamePattern = /tmp/appxlog%N.xml #audit log filename pattern (see man strftime for details
    # LogRotationInterval = 86400 #number of seconds between audit log rotations
    # LogRotationSize = 1G #maximum audit log file size
    # RequireSSL = false #Require SSL-secured connections?
    # RequireSSLClientCertificates = false #require SSL-client certificates?
    # ServerCertificateFile = #pathname of server's X509 certificate (leave blank for anonymous connections
    # ServerPrivateKeyFile = #pathname of server's private key file (unlocks the ServerCertificateFile)
    # ServerPrivateKeyPassphrase = #passphrase that unlocks ServerPrivateKeyFile
    # ServiceDisable = false #disable this service?
    # ServiceDisableAppxKeys = false #disable keyboard mapping?
    # ServiceDisableFMS = false #disable AppxNET connections?
    # ServiceDisableLogins = false #disable interactive logins?
    # ServiceEnableCmds = true #allow client-side startup options?
    ServiceName = appxLog8070 #name of service
    ServiceType = logmonitor #service type (login or logmonitor)
    SockPort = 8070 #port number to service
    # SSLMode = Optional #SSL connection type (optional, required, disabled)
    # TCPEnableKeepAlive = true #Enable TCP dead-connection detection
    # TCPKeepCount = 8 #Maximum number of keep-alive pings
    # TCPKeepIdle = 300 #Idle time before ping sent to client (in seconds)
    # TCPKeepInterval = 60 #Interval between keep-alive pings
    # TCPNoDelay = true #disable TCP packet filling delay?
    # TrustedCAFile = #determines which client certificates to trust
    # Umask = #umask (file creation mask) given to spawned engines

    # Appx connection manager environment variables
    #
    # The entries in this file will become
    # environment variables in the engines
    # spawned by this service
    #
    # blank lines are ignored
    #
    # anything following a '#' is treated as a comment
    #
    # letter case IS important in this file
    # --------------------------------------------------

    appxLog8070 running as process 8665
    Effective User ID 0
    Real User ID 0
    Configuration values follow
    *Daemonize = true
    *DontForkEngine = false
    *InitScriptStyle =
    *SleepAfterFork =
    AppxApplication =
    AppxDatabase =
    AppxExecutable = /usr/local/appx500/appx
    AppxProcessName =
    AppxProcessType =
    AuthenticationMethod = OS-User
    DisplayName = AppxLog8070
    ImpersonateGID = true
    ImpersonateGroup = User
    ImpersonateUID = true
    ImpersonateUser = LogonUser
    LoadSystemEnvironment = true
    LogDirectory = /tmp
    LogNamePattern = /tmp/appxlog%N.xml
    LogRotationInterval = 86400
    LogRotationSize = 1G
    RequireSSL = false
    RequireSSLClientCertificates = false
    ServerCertificateFile =
    ServerPrivateKeyFile =
    ServerPrivateKeyPassphrase =
    ServiceDisable = false
    ServiceDisableAppxKeys = false
    ServiceDisableFMS = false
    ServiceDisableLogins = false
    ServiceDisableODBC =
    ServiceEnableCmds = true
    ServiceName = AppxLog8070
    ServiceType = logmonitor
    SockPort = 8070
    SSLMode = Optional
    TCPEnableKeepAlive = true
    TCPKeepCount = 8
    TCPKeepIdle = 300
    TCPKeepInterval = 60
    TCPNoDelay = true
    TrustedCAFile =
    Umask =
    Environment variables follow
    Logging to /tmp/appxlog3.xml

    *Daemonize = true
    *DontForkEngine = false
    *InitScriptStyle =
    *SleepAfterFork =
    AppxApplication =
    AppxDatabase =
    AppxExecutable = /usr/local/appx500/appx
    AppxProcessName =
    AppxProcessType =
    AuthenticationMethod = OS-User
    DisplayName = appxLog8070
    ImpersonateGID = true
    ImpersonateGroup = User
    ImpersonateUID = true
    ImpersonateUser = LogonUser
    LoadSystemEnvironment = true
    LogDirectory = /tmp
    LogNamePattern = /tmp/appxlog%N.xml
    LogRotationInterval = 86400
    LogRotationSize = 1G
    RequireSSL = false
    RequireSSLClientCertificates = false
    ServerCertificateFile =
    ServerPrivateKeyFile =
    ServerPrivateKeyPassphrase =
    ServiceDisable = false
    ServiceDisableAppxKeys = false
    ServiceDisableFMS = false
    ServiceDisableLogins = false
    ServiceDisableODBC =
    ServiceEnableCmds = true
    ServiceName = appxLog8070
    ServiceType = logmonitor
    SockPort = 8070
    SSLMode = Optional
    TCPEnableKeepAlive = true
    TCPKeepCount = 8
    TCPKeepIdle = 300
    TCPKeepInterval = 60
    TCPNoDelay = true
    TrustedCAFile =
    Umask =
    createListener complete - listening on port 8070
    CAppxD::Run starting
    monitorLog - starting

Usage (service)
Synopsis - service Command
service [serviceName] [start|stop|restart|status]
When executing the appxAuditMgr command with the -install option, you must include the -name option.
When executing the appxAuditMgr command with the -install option, you must include the -DisplayName option. If you do not, the ps command will not display a meaningful name for the running service.
    LogNamePattern = /tmp/appxlog%N.xml

Each time the log monitor rotates to a new log file, it replaces %N with the next number in sequence (it was always starting at 0). You can use other specifiers in the LogNamePattern too, for example, "/tmp/appx-%d-%b-%y" would result in file names like:

    /tmp/appx-11-Jun-08
    /tmp/appx-12-Jun-08
    ...

If you restart the log monitor on 11-Jun-08 (and your LogNamePattern specifies %d-%b-%y), any existing log file with that name would be replaced. Of course, you can include time components in the LogNamePattern to avoid that problem (or add %N to the pattern to include a sequence number). Here's the complete list of valid specifiers (from the strftime man page):

    %a  The abbreviated weekday name according to the current locale.
    %A  The full weekday name according to the current locale.
    %b  The abbreviated month name according to the current locale.
    %B  The full month name according to the current locale.
    %c  The preferred date and time representation for the current locale.
    %C  The century number (year/100) as a 2-digit integer. (SU)
    %d  The day of the month as a decimal number (range 01 to 31).
    %D  Equivalent to %m/%d/%y. (Yecch -- for Americans only. Americans should note that in other countries %d/%m/%y is rather common. This means that in international context this format is ambiguous and should not be used.) (SU)
    %e  Like %d, the day of the month as a decimal number, but a leading zero is replaced by a space. (SU)
    %E  Modifier: use alternative format, see below. (SU)
    %F  Equivalent to %Y-%m-%d (the ISO 8601 date format). (C99)
    %G  The ISO 8601 year with century as a decimal number. The 4-digit year corresponding to the ISO week number (see %V). This has the same format and value as %y, except that if the ISO week number belongs to the previous or next year, that year is used instead. (TZ)
    %g  Like %G, but without century, that is, with a 2-digit year (00-99). (TZ)
    %h  Equivalent to %b. (SU)
    %H  The hour as a decimal number using a 24-hour clock (range 00 to 23).
    %I  The hour as a decimal number using a 12-hour clock (range 01 to 12).
    %j  The day of the year as a decimal number (range 001 to 366).
    %k  The hour (24-hour clock) as a decimal number (range 0 to 23); single digits are preceded by a blank. (See also %H.) (TZ)
    %l  The hour (12-hour clock) as a decimal number (range 1 to 12); single digits are preceded by a blank. (See also %I.) (TZ)
    %m  The month as a decimal number (range 01 to 12).
    %M  The minute as a decimal number (range 00 to 59).
    %n  A newline character. (SU)
    %O  Modifier: use alternative format, see below. (SU)
    %p  Either `AM' or `PM' according to the given time value, or the corresponding strings for the current locale. Noon is treated as `pm' and midnight as `am'.
    %P  Like %p but in lowercase: `am' or `pm' or a corresponding string for the current locale. (GNU)
    %r  The time in a.m. or p.m. notation. In the POSIX locale this is equivalent to `%I:%M:%S %p'. (SU)
    %R  The time in 24-hour notation (%H:%M). (SU) For a version including the seconds, see %T below.
    %s  The number of seconds since the Epoch, that is, since 1970-01-01 00:00:00 UTC. (TZ)
    %S  The second as a decimal number (range 00 to 60). (The range is up to 60 to allow for occasional leap seconds.)
    %t  A tab character. (SU)
    %T  The time in 24-hour notation (%H:%M:%S). (SU)
    %u  The day of the week as a decimal, range 1 to 7, Monday being 1. See also %w. (SU)
    %U  The week number of the current year as a decimal number, range 00 to 53, starting with the first Sunday as the first day of week 01. See also %V and %W.
    %V  The ISO 8601:1988 week number of the current year as a decimal number, range 01 to 53, where week 1 is the first week that has at least 4 days in the current year, and with Monday as the first day of the week. See also %U and %W. (SU)
    %w  The day of the week as a decimal, range 0 to 6, Sunday being 0. See also %u.
    %W  The week number of the current year as a decimal number, range 00 to 53, starting with the first Monday as the first day of week 01.
    %x  The preferred date representation for the current locale without the time.
    %X  The preferred time representation for the current locale without the date.
    %y  The year as a decimal number without a century (range 00 to 99).
    %Y  The year as a decimal number including the century.
    %z  The time-zone as hour offset from GMT. Required to emit RFC 822-conformant dates (using "%a, %d %b %Y %H:%M:%S %z"). (GNU)
    %Z  The time zone or name or abbreviation.
    %+  The date and time in date(1) format. (TZ) (Not supported in glibc2.)
    %%  A literal '%' character.

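The naming behaviour described above, as an added example (not APPX code): it expands a LogNamePattern with Python's strftime plus a hand-written %N substitution, then reports which audit log names would be opened twice over a constructed rotation schedule and whether a specifier such as %D inserts extra '/' characters into the path. The function names, the schedule and the `restart_at_zero` switch are assumptions made for illustration; how the service numbers %N after a restart should be confirmed on your installation.

```python
import re
from datetime import datetime

# One specifier: '%', an optional E/O modifier, then one conversion character.
_SPEC = re.compile(r"%([EO]?.)", re.S)


def expand(pattern, when, seq):
    """Expand a LogNamePattern: %N is the rotation sequence number, %% a
    literal percent sign; every other specifier is handed to strftime."""
    def one(match):
        spec = match.group(1)
        if spec == "N":
            return str(seq)
        if spec == "%":
            return "%"
        return when.strftime("%" + spec)
    return _SPEC.sub(one, pattern)


def adds_directories(pattern, when):
    """True when a specifier expands to text containing '/', so the log
    lands in directories the pattern never spelled out (%D -> mm/dd/yy)."""
    return expand(pattern, when, 0).count("/") > pattern.count("/")


def reused_names(pattern, runs, restart_at_zero=True):
    """runs holds one list of rotation times per service start. Returns the
    names opened more than once, i.e. logs that would be replaced.
    restart_at_zero is an assumption about %N after a restart."""
    seen, reused, seq = set(), [], 0
    for rotations in runs:
        if restart_at_zero:
            seq = 0
        for when in rotations:
            name = expand(pattern, when, seq)
            seq += 1
            if name in seen and name not in reused:
                reused.append(name)
            seen.add(name)
    return reused


# Constructed schedule: start on 11-Jun-08, a size-triggered rotation the
# same morning, then a restart that afternoon and a rotation a day later.
RUNS = [
    [datetime(2008, 6, 11, 7, 31, 0), datetime(2008, 6, 11, 9, 5, 12)],
    [datetime(2008, 6, 11, 15, 0, 0), datetime(2008, 6, 12, 15, 0, 0)],
]

if __name__ == "__main__":
    for pattern in ("/tmp/appx-%d-%b-%y", "/tmp/appx-%d-%b-%y-%N",
                    "/tmp/appx-%Y%m%d-%H%M%S.xml", "/tmp/appx-%D.xml"):
        print(pattern)
        print("  first file:", expand(pattern, RUNS[0][0], 0))
        print("  replaced  :", reused_names(pattern, RUNS) or "none")
        print("  adds dirs :", adds_directories(pattern, RUNS[0][0]))
```

Month and weekday names follow the process locale, so the names shown are those of the default C locale.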
type | eventID | sessionID | fileID | appxProcessID | eventRecordID | eventData | Structure |
---|---|---|---|---|---|---|---|
Read | Yes | Yes | Yes | Yes | Indexed Files | Yes | No |
Update | Yes | Yes | Yes | Yes | Indexed Files | Yes | No |
Insert | Yes | Yes | Yes | Yes | Indexed Files | Yes | No |
Delete | Yes | Yes | Yes | Yes | Indexed Files | Yes | No |
Scratch | Yes | Yes | Yes | Yes | No | ||
File Create | Yes | Yes | Yes | Yes | No | Yes | |
Restructure | Yes | Yes | Yes | Yes | No |
| node | node/element | value |
|---|---|---|
| <eventID> | | |
| | <type/> | see above table |
| | <timeStamp/> | ccyymmddhhmmsstt |
| </eventID> | | |
| <sessionID> | | |
| | <processID/> | 9(6) |
| | <userID/> | X(3) |
| </sessionID> | | |
| <fileID> | | |
| | <application/> | |
| | <database/> | |
| | <structureDate/> | |
| | <filename/> | |
| </fileID> | | |
| <appxProcessID> | | |
| | <type/> | |
| | <name/> | |
| | <application/> | |
| | <version/> | |
| | <database/> | |
| | <lastChange/> | |
| </appxProcessID> | | |
| <eventRecordID> | | |
| | <keySegment> | 0-16 instances |
| </eventRecordID> | | |
| <keySegment> | | |
| | <fieldName> | |
| | <fieldValue> | |
| </keySegment> | | |
| <eventData> | | |
| | <field> | 0-n instances |
| </eventData> | | |
| <field> | | read, insert, delete |
| | <fieldName> | |
| | <occurrence> | |
| | <fieldValue> | |
| </fieldData> | | |
| <fieldData> | | update |
| | <fieldName> | |
| | <oldValue> | |
| | <newValue> | |
| </fieldData> | | |
| <Structure> | | |
| | <Field> | 1-n instances |
| </Structure> | | |
| <Field> | | |
| | <fieldName> | |
| | <fieldType> | |
| | <occurrences> | |
| | <rawLength> | |
| | <offset> | |
| </Field> | | |
| <eventData> | | |
| | <RecordSizeChange> | |
| | <DeletedElement> | |
| </eventData> | | |
| <RecordSizeChange> | | |
| | <old> | |
| | <new> | |
| </RecordSizeChange> | | |
| <DeletedElement/> | | |
| | <fieldName/> | |
| </DeletedElement> | | |