Skip to Content

Viewing and saving audit records

When you make changes to objects, a trace/audit record is created and stored. This record permits administrators to track who made changes to objects. After the changes are stored, accessing audit records produces a list of the ten most recent records.

Use the date/time selections to search for all records produced for a defined time period.

Information
Important

Use the Audit Log link in the Global Actions Bar to access the identical functionality.

Related topics

Modifying-objects

Administering-IBM-MQ-objects

To view or query audit records

  1. Expand the Operations list and select Audit. The Audit Events pane is displayed:
    AuditEvents.jpg
  2. To change the audit filter parameters (date/time range), use the menus at the top of the screen.
  3. (Optional) If you want to further filter the audited events, select a project from the list.
  4. Click Submit to display all audit records for the specified time range.
  5. (Optional) To filter audited events by object name, enter the object name.

  1. Click the + icon to expand any queue (or other object type) log, and review parameters associated with the operation, such as properties recording their previous and new values for an object.

    The following table displays additional columns in this view:

    Column

    Description

    Username

    User name of the person who has requested the action. 

    Event Type

    Type of event that occurred.

    Object Name

    Name of the object that the event was generated against.

    Namespace

    WMQ or EMS

    Connection

    Connection for the object that the event was generated against.

    Return Code

    The return code from the action; a positive number indicates success, a negative number indicates failure (review the audit log for further details).

To save the audit records to a file

  1. Filter the audit records by defining a date/time range using the menus at the top of the screen.
  2. (Optional) If you want to further filter the audited events, select a project from the list.
  3. Click Export as CSV icon.
  4. In the displayed dialog, choose to save or open the file (in .CSV format).

To send audit entries to the log

Performing the following steps enable MVMA to send audit entries to the log:

  1. Open configuration\services\org.ops4j.pax.logging.properties.
  2. At the bottom of the file, in the Audit Logging section, set Log4jAuditLogger=info, and modify or uncomment the following log4j.appender.Audit lines to appear as follows:

[Audit Logging]
log4j.logger.com.bmc.mmadmin.service.audit.internal.log.Log4jAuditLogger=info, Audit
#log4j.logger.com.bmc.mmadmin.service.audit.internal.log.Log4jAuditLogger=off, Audit
log4j.additivity.com.bmc.mmadmin.service.audit.internal.log.Log4jAuditLogger=false
log4j.appender.Audit=org.apache.log4j.RollingFileAppender
log4j.appender.Audit.File=logs/bmm.admin.audit.log
log4j.appender.Audit.MaxFileSize=10MB
log4j.appender.Audit.MaxBackupIndex=5
log4j.appender.Audit.Append=true
log4j.appender.Audit.layout=org.apache.log4j.PatternLayout
log4j.appender.Audit.layout.ConversionPattern=%m%n

Warning

 MVMA 9.1.00.E logging configuration has moved to etc/logback.xml. To configure external audit logging, make the necessary changes in the XML format, following the comments provided in the file. 


To enable auditing MQ message data

By default, when MVMA audits MQ messaging operations, it does not write any message payload data to the [internal/external] audit log file. Instead, it places any message contents affected by the change with a placeholder in the audit records.

Perform the following steps to enable auditing of MQ message payload data for the external audit log file:

1. Enable the external audit log file as described in To send audit entries to the log.

2. Stop MVMA services.

3. Open the wrapper.conf file in the configuration subfolder of the MVMA installation directory.

4. Enable the system property ENABLE_AUDIT_MESSAGE_CONTENT by adding the following entry: 

wrapper.java.additional.NN=-DENABLE_AUDIT_MESSAGE_CONTENT=true

The value of NN indicates the highest number of current entries of the same type increased by 1.

5. Restart MVMA services.

Warning

Note

• When auditing MQ message contents is enabled, the external audit log file may grow quickly in size while processing large number of messages or large messages. Maintaining the external audit file is the product administrator’s responsibility.

• The message contents stored in the audit log may contain security sensitive information. BMC recommends you to set up security measures to secure the audit log file from unauthorized access. 

• MVMA writes the original message in encoded and compressed form to accommodate a binary message data in the external audit log. Also, text-based message data is unreadable by the external audit log file. You can use the script DecodeMessageData.js, which is included in the examples of the MVMA JavaScript API to decode message content written for the external audit log.

• The internal audit log format maintained by MVMA does not change after enabling auditing of message data. The internal message content maintained in the audit log is replaced by a placeholder to reduce the amount of data maintained and prevent any potential performance-related losses.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

MainView Middleware Administrator 9.1