AuditReaderCommands
Use Jython to manage the security auditing system with wsadmin. Use the commands and parameters in the AuditReaderCommands group to display audit record information from the binary audit log.
Use the following commands to query the binary audit log:
binaryAuditLogReader
The binaryAuditLogReader command reads the default binary audit log and generates an HTML report based on the parameters you provide. You must use the auditor security role to use this command.
Target object: None.
Required parameters
- -fileName
- Fully qualified file name for the binary audit log. (String, required)
- -outputLocation
- Location of the HTML report that the command generates. (String, required)
Optional parameters
- -reportMode
- Type of report to generate. Valid values include basic, complete, or custom. The basic report provides the following configuration information:
- creationTime
- action
- progName
- registryType
- domain
- realm
- remoteAddr
- remotePort
- remoteHost
- resourceName
- resourceType
- resourceUniqueId
The complete report provides the data included by the default report type and each additional datapoint of interest. The custom report allows you to specify only the datapoints you choose to see generated in the report. The default value is basic. (String, optional)
- -eventFilter
- Audit types to read and report. Specify one or more audit event types. If you specify more than one value for the eventFilter parameter, separate each audit event type with a colon character (:). (String, optional)
- -outcomeFilter
- Audit event outcomes to read and report. Specify one or more audit event outcomes. If you specify more than one value for the outcomeFilter parameter, separate each audit event outcome with a colon character (:). (String, optional)
- -sequenceFilter
- List of beginning and ending sequence numbers. Use the a:b syntax, where a is the sequence number at which the HTML report begins and b is the sequence number at which it ends; a must be less than or equal to b. You can also specify a single sequence number, such as -sequenceFilter 10, to generate a report for only the tenth record. (String, optional)
- -timeStampFilter
- Time stamp range of records to read and report. Use the a:b syntax, where a and b are strings in the format java.text.SimpleDateFormat("MMddhhmmyyyy"). You can also specify a single timestamp. (String, optional)
- -keyStorePassword
- Password to open the keystore. (String, optional)
- -dataPoints
- List of specific audit data to use to generate the report. Use this option only when you set the reportMode parameter to custom. If you specify multiple data points, separate each data point with a colon character (:). (String, optional)
Return value
The command returns the HTML report based on the values specified for each parameter to the location specified by the outputLocation parameter.
Batch mode example usage
- Use Jython string:
(Windows)
AdminTask.binaryAuditLogReader('[-fileName myFileName -reportMode basic -keyStorePassword password123 -outputLocation C:\\binaryLogs]')
[AIX] [HP-UX] [Solaris] [Linux]
AdminTask.binaryAuditLogReader('[-fileName myFileName -reportMode basic -keyStorePassword password123 -outputLocation /binaryLogs]')
- Use Jython list:
(Windows)
AdminTask.binaryAuditLogReader(['-fileName', 'myFileName', '-reportMode', 'basic', '-keyStorePassword', 'password123', '-outputLocation', 'C:\\binaryLogs'])
[AIX] [HP-UX] [Solaris] [Linux]
AdminTask.binaryAuditLogReader(['-fileName', 'myFileName', '-reportMode', 'basic', '-keyStorePassword', 'password123', '-outputLocation', '/binaryLogs'])
Interactive mode example usage
- Jython...
AdminTask.binaryAuditLogReader('-interactive')
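The filter syntax described above can be checked before the command runs. The following is an added example, not IBM's code: it validates the documented constraints and assembles the Jython list form of the parameters. The function names are hypothetical, and the block runs in plain Python because it does not call AdminTask itself.

```python
import re
from datetime import date

# Hypothetical helpers. Inside wsadmin, pass the result to the command:
#   AdminTask.binaryAuditLogReader(build_reader_args(...))
REPORT_MODES = ("basic", "complete", "custom")

def check_timestamp(ts):
    """Validate one MMddhhmmyyyy value; hh is SimpleDateFormat's 12-hour field."""
    if not re.match(r"^\d{12}$", ts):
        raise ValueError("expected 12 digits (MMddhhmmyyyy): %r" % ts)
    month, day, hour, minute = [int(ts[i:i + 2]) for i in (0, 2, 4, 6)]
    date(int(ts[8:]), month, day)  # raises ValueError for impossible dates
    if not (1 <= hour <= 12 and minute <= 59):
        raise ValueError("hour must be 01-12 and minute 00-59: %r" % ts)

def split_range(name, value):
    """Split 'a' or 'a:b' into its parts; anything else is rejected."""
    parts = value.split(":")
    if len(parts) > 2 or "" in parts:
        raise ValueError("%s takes a single value or a:b, got %r" % (name, value))
    return parts

def build_reader_args(file_name, output_location, report_mode="basic",
                      event_filter=(), outcome_filter=(), data_points=(),
                      sequence_filter=None, timestamp_filter=None,
                      key_store_password=None):
    """Return the Jython list form of the binaryAuditLogReader parameters."""
    if report_mode not in REPORT_MODES:
        raise ValueError("reportMode must be one of %s" % (REPORT_MODES,))
    if data_points and report_mode != "custom":
        raise ValueError("-dataPoints requires -reportMode custom")
    args = ["-fileName", file_name, "-reportMode", report_mode]
    for flag, values in (("-eventFilter", event_filter),
                         ("-outcomeFilter", outcome_filter),
                         ("-dataPoints", data_points)):
        if values:
            args += [flag, ":".join(values)]  # colon-separated, as documented
    if sequence_filter:
        parts = split_range("-sequenceFilter", sequence_filter)
        if not all(p.isdigit() for p in parts) or int(parts[0]) > int(parts[-1]):
            raise ValueError("-sequenceFilter needs numeric values with a <= b")
        args += ["-sequenceFilter", sequence_filter]
    if timestamp_filter:
        for ts in split_range("-timeStampFilter", timestamp_filter):
            check_timestamp(ts)
        args += ["-timeStampFilter", timestamp_filter]
    if key_store_password:
        args += ["-keyStorePassword", key_store_password]
    return args + ["-outputLocation", output_location]
```

Supplying key_store_password from a prompt or a protected file at run time keeps the keystore password out of the script source.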
showAuditLogEncryptionInfo
The showAuditLogEncryptionInfo command displays information about the keystore that the auditing system uses to encrypt audit records. Use this information as a hint for the keystore password that is needed to decrypt encrypted audit records in the binary audit log.
Target object
None.
Required parameters
- -fileName
- Fully qualified path of the binary audit log. (String, required)
Return value
The command returns the certificate alias and the fully qualified path to the keystore of interest.
Batch mode example usage
- Use Jython string:
AdminTask.showAuditLogEncryptionInfo('-fileName myFileName')
- Use Jython list:
AdminTask.showAuditLogEncryptionInfo(['-fileName', 'myFileName'])
Interactive mode example usage
- Jython...
AdminTask.showAuditLogEncryptionInfo('-interactive')
Related tasks
Use the audit reader
Related
AuditKeyStoreCommands
AuditEmitterCommands for AdminTask
AuditSigningCommands
AuditEncryptionCommands
AuditEventFactoryCommands for AdminTask
AuditFilterCommands
AuditPolicyCommands
AuditEventFormatterCommands