Testing and querying audit records
The Audit tool can be used to test the creation of audit records or to possibly create your own when scripting other operations.
You can also use the Audit tool to query audit records.
Querying Audit Records
You can use audittool to query audit records logged during a period of time.
Audit records have two forms; the first form refers to an object contained in the object repository. Each type of object in the object repository has a type name. For example,
ComMQSoftwareWebSphereMQQueueManager. When querying audit records for objects of a given type, the
--query-type-name option must be used. Use the repomgr CLI with the
--defs-query-types option to get a list of the known type names.
The second form is used when the object is not yet known. For example, when an object is going to be created but not yet discovered by a monitoring extension. When querying audit records of this form, the
--query-object-type option must be used.
Regardless of which of the two forms is required, you can specify a mask to match the required records. Note that you cannot query audit records of both forms at the same time.
Below is an example query for audit records during the month of April for an agent with the name AGENT_1.
audittool --query-start "2017-04-01 00:00:00" --query-end "2017-04-30 23:59:59" --query-type-name ComMQSoftwareNetworkHost --query-object-mask AGENT_1 -p BMCSOFTWARE SA
The following is an example that shows all audit records logged for all queue managers belonging to the agent AGENT_1.
audittool --query-start "2017-04-01 00:00:00" --query-end "2017-04-30 23:59:59" --query-type-name ComMQSoftwareWebSphereMQQueueManager --query-object-mask "AGENT_1!%" -p BMCSOFTWARE SA
The next example shows audit records that are related to creating channels belonging to the agent AGENT_1.
audittool --query-start "2017-04-01 00:00:00" --query-end "2017-04-30 23:59:59" --query-object-type "MQ Channel" --query-object-mask "AGENT_1!%" -p BMCSOFTWARE SA
Audit tool options
Description for audit entry. Required for
Add an audit event end record. Requires
Host for added audit record. Required for
Integer Property, requires
Integer Value paired with
Object name. Qualifies
Object identifier. Qualifies
Object type. Qualifies
Add an audit event start record:
End record status. Required for --add-end.
String Property, requires
String Value, paired with
Application Service host.
Application service port.
Get the audit records before the specified time.
|Object type||Used to query audit records of the specified object type. See |
Get the audit records after the specified time.
Object Type Name. Qualifies query.
Give this help summary.
Specify password via stdin.