Testing and querying audit records

The Audit tool can be used to test the creation of audit records or to possibly create your own when scripting other operations.

You can also use the Audit tool to query audit records.

Querying Audit Records

You can use audittool to query audit records logged during a period of time.

Audit records have two forms; the first form refers to an object contained in the object repository. Each type of object in the object repository has a type name. For example, ComMQSoftwareWebSphereMQQueueManager. When querying audit records for objects of a given type, the --query-type-name option must be used. Use the repomgr CLI with the --defs-query-types option to get a list of the known type names.

The second form is used when the object is not yet known. For example, when an object is going to be created but not yet discovered by a monitoring extension. When querying audit records of this form, the --query-object-type option must be used.

Regardless of which of the two forms is required, you can specify a mask to match the required records. Note that you cannot query audit records of both forms at the same time.

Below is an example query for audit records during the month of April for an agent with the name AGENT_1.

audittool --query-start "2017-04-01 00:00:00" --query-end "2017-04-30 23:59:59" --query-type-name ComMQSoftwareNetworkHost --query-object-mask AGENT_1 -p BMCSOFTWARE SA

The following is an example that shows all audit records logged for all queue managers belonging to the agent AGENT_1.

audittool --query-start "2017-04-01 00:00:00" --query-end "2017-04-30 23:59:59" --query-type-name ComMQSoftwareWebSphereMQQueueManager --query-object-mask "AGENT_1!%" -p BMCSOFTWARE SA

The next example shows audit records that are related to creating channels belonging to the agent AGENT_1.

audittool --query-start "2017-04-01 00:00:00" --query-end "2017-04-30 23:59:59" --query-object-type "MQ Channel" --query-object-mask "AGENT_1!%" -p BMCSOFTWARE SA

Audit tool options






Description for audit entry. Required for --add-start and --add-end.


Event id

Add an audit event end record. Requires --add-desc and --add-status. This option requires the event id output from an --add-start follow it. Any number of --add-int-prop/--add-int-value and --add-string-prop/--add-string-value pairs can be specified.



Host for added audit record. Required for --add-start. Should match object's host.



Integer Property, requires --add-int-value. Qualifies --add-start and --add-end.



Integer Value paired with --add-int-prop. Qualifies --add-start and --add-end.



Object name. Qualifies --add-start, paired with --add-object-type.



Object identifier. Qualifies --add-start.



Object type. Qualifies --add-start, paired with --add-object-name.This option requires one of the following follow it: MQ QueueManager|MQ CommandServer|MQ Queue|MQ Channel| MQ Process|MQ Message|Q Pasa! Agent|MQ ChannelListener| MQ TriggerMonitor|MQ ChannelInitiator|MQAuthorities| MQ Authinfo|MQ Namelist|MQ Listener|MQ Service|MQ Topic| MQ Subscription|MQ AuthRec|MQ CommInfo|MQ ChlAuth|MQ TTChl| MQ SMDS|MQ CFSStruct



Add an audit event start record: PropertyChange|Start|Stop|Create|Delete|DistributeAgent|Reset|Ping|Resolve|Clear|Export|Import|Put|Upgrade-user|Upgrade-user-cancel|Secure-agent-login|Set|Display|               Query-usage|Cluster-data|Suspend|Resume|Refresh|Query-namelist-names|Query-namelist-names-with-content|RunAmqmdain|Query-version|Discovery|Register|Unregister|Get-Extension-Preferences|Set-Extension-Preferences|Delete-Extension-Preferences|Get-Agent-Preferences|Set-Agent-Preferences|Delete-Agent-Preferences|Set-Extension-Events|Query-Product-Feature|Query-Enabled-Product-Features|Query-Agent-Version|Reconfirm|Query-Registered-Objects|Associate-Event-Template|Associate-History-Template|Run-Script|Distribute-Packages|Schedule-Discovery|Suppress-Events|Get-Extension-Preferences-Multilevels|Modify-Dashboard



End record status. Required for --add-end.



String Property, requires --add-string-value. Qualifies --add-start and --add-end.



String Value, paired with --add-string-prop. Qualifies --add-start and --add-end.


Host name

Application Service host.


Port number

Application service port.



Get the audit records before the specified time.

--query-object-typeObject typeUsed to query audit records of the specified object type. See --add-object-type for the list of possible object types.



Get the audit records after the specified time.


Type name

Object Type Name. Qualifies query.

-? Or

Give this help summary.




Specify password via stdin.

Was this page helpful? Yes No Submitting... Thank you