×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC PATROL Agent 10.7 Administering

Keys and values for the audit log variable

The Audit Log configuration variable, /AgentSetup/auditLog, consists of a new line separated list of Key and Value pairs as shown in the following example: 

"/AgentSetup/auditLog" = {
REPLACE = "Active=1\
filecount=4\
FileAging=Size 10"
}

What happens when you set auditLog using a monitoring policy on the TrueSight console?

You can set only the Active parameter through a monitoring policy on the TrueSight console:

Active=1

The following parameters are set to the default values:

filecount=5

FileAging=Daily 0


The following table lists and explains the Key and Value pairs:


AgentSetup/auditLog keys and values

Key

Description

Active

Determines whether the audit logging feature is turned on or off, and where the information is being logged. The recognized values include the following:

  • 0 — turns off audit logging and is the default setting (No, and False are also valid values)
  • 1 — logs information to a file (Yes, On, and True are also valid values)
  • 2 — log information is sent to the Applications log by default. If you are using Windows 2000 or later, see Creating a custom node in the windows event log.
  • 3 — logs information to both a file and Windows Event Log

Delimiter

Determines the delimiter character that separates the fields in the log file. The default character is the pipe-symbol '|'.

FileAging

Determines the interval at which a new log file is created as follows:

  • Daily N — create a new log file every day at approximately the hour N, where N ranges from midnight 12 A.M. represented as 0 to 11 P.M. represented as 23; the default is Daily 0
  • Entries N — create a new log file after logging N entries, where N is the number of entries; for example, N >= 100
  • Size N — create a new log file when the file reaches a designated size, where N is the file size in KB; for example, N >= 32

FileCount

Determines how many old log files are retained. The default value is 5.

Each time a new log file is created, the previous files are renamed in the same manner as done with the agent regular log file.

FileName

Determines the pathname and filenaming convention for the audit log file. The name can contain the following macros:

  • %H — refers to the current agent-host
  • %P — refer to the port-number being used

    If path is not a fully qualified pathname, the PATROL Agent treats it as being relative to the <PATROL_HOME>/log directory. All subdirectories in the pathname must already exist PATROL Agent creates the log file but not the directories leading up to the file. If the file cannot be opened, the agent writes an error message to the agent's log file.

    The default path and file name is:

    NTPATROL_HOME\log\PatrolAgent-%H-%P.audit
    UNIXPATROL_HOME/log/PatrolAgent-%H-%P.audit

Creating a custom node in the windows event log

When you set the /AgentSetup/auditLog configuration variable to log information to the Windows Event Log, the activity will be logged to the "Applications" Windows Event Log by default. On Windows 2000 or later, you can create a separate, custom "PATROL" node in the Windows Event Log.

The following task describes how to create a custom log. You must first remove the existing agent service (if necessary), and install the agent with the -l (L) command line option.

To remove the agent service

Type the following command in the command line and press Enter:
PatrolAgent -remove

To install the agent service

  1. Type the following command in the command line and press Enter:
    PatrolAgent -install -l logname (where logname is the desired name for the custom log node)
  2. Restart your computer for the change to take effect.
Was this page helpful? Yes No Submitting... Thank you
Last modified by Rashmi Gokhale on Sep 11, 2019
logs audit_logs

Comments

Log in or register to comment.

Setting the default account for PEM commands
Setting the PATROL Agent account for instances
© Copyright 2013 - 2017 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.