Testing and querying audit records
The Audit tool can be used to test the creation of audit records or to possibly create your own when scripting other operations.
You can also use the Audit tool to query audit records.
Querying Audit Records
You can use audittool to query audit records logged during a period of time.
Audit records have two forms; the first form refers to an object contained in the object repository. Each type of object in the object repository has a type name. For example, ComMQSoftwareWebSphereMQQueueManager
. When querying audit records for objects of a given type, the --query-type-name
option must be used. Use the repomgr CLI with the --defs-query-types
option to get a list of the known type names.
The second form is used when the object is not yet known. For example, when an object is going to be created but not yet discovered by a monitoring extension. When querying audit records of this form, the --query-object-type
option must be used.
Regardless of which of the two forms is required, you can specify a mask to match the required records. Note that you cannot query audit records of both forms at the same time.
Below is an example query for audit records during the month of April for an agent with the name AGENT_1.
audittool --query-start "2017-04-01 00:00:00" --query-end "2017-04-30 23:59:59" --query-type-name ComMQSoftwareNetworkHost --query-object-mask AGENT_1 -p BMCSOFTWARE SA
The following is an example that shows all audit records logged for all queue managers belonging to the agent AGENT_1.
audittool --query-start "2017-04-01 00:00:00" --query-end "2017-04-30 23:59:59" --query-type-name ComMQSoftwareWebSphereMQQueueManager --query-object-mask "AGENT_1!%" -p BMCSOFTWARE SA
The next example shows audit records that are related to creating channels belonging to the agent AGENT_1.
audittool --query-start "2017-04-01 00:00:00" --query-end "2017-04-30 23:59:59" --query-object-type "MQ Channel" --query-object-mask "AGENT_1!%" -p BMCSOFTWARE SA
Audit tool options
Option | Argument | Description |
---|---|---|
| description | Description for audit entry. Required for |
| Event id | Add an audit event end record. Requires |
| hostname | Host for added audit record. Required for |
| property | Integer Property, requires |
| integer | Integer Value paired with |
| objectName | Object name. Qualifies |
| hi_lo_typeid | Object identifier. Qualifies |
| object_type | Object type. Qualifies |
| event_label | Add an audit event start record: |
| status | End record status. Required for --add-end. |
| property | String Property, requires |
| string | String Value, paired with |
| Host name | Application Service host. |
| Port number | Application service port. |
| "yyyy-MM-ddHH:mm:ss" | Get the audit records before the specified time. |
--query-object-type | Object type | Used to query audit records of the specified object type. See --add-object-type for the list of possible object types. |
| "yyyy-MM-ddHH:mm:ss" | Get the audit records after the specified time. |
| Type name | Object Type Name. Qualifies query. |
| Give this help summary. | |
| Password. | |
| Specify password via stdin. |
Comments