+

Search Tips   |   Advanced Search

AuditReaderCommands


Use Jython to manage the security auditing system with wsadmin. Use the commands and parameters in the AuditReaderCommands group to display audit record information from the binary audit log.

Use the following commands to query the binary audit log:

 

binaryAuditLogReader

The binaryAuditLogReader command reads the default binary audit log and generates an HTML report based on the parameters you provide. You must use the auditor security role to use this command.

Target object: None.

Required parameters

-fileName

Fully qualified file name for the binary audit log. (String, required)

-outputLocation

Location of the HTML report that the command generates. (String, required)

Optional parameters

-reportMode

Type of report to generate. Valid values include basic, complete, or custom. The basic report provides the following configuration information:

  • creationTime
  • action
  • progName
  • registryType
  • domain
  • realm
  • remoteAddr
  • remotePort
  • remoteHost
  • resourceName
  • resourceType
  • resourceUniqueId

The complete report provides the data included by the default report type and each additional datapoint of interest. The custom report allows you to specify only the datapoints you choose to see generated in the report. The default value is basic. (String, optional)

-eventFilter

Audit types to read and report. Specify one or more audit event types. If we specify more than one value for the eventFilter parameter, separate each audit event type with a colon character (:). (String, optional)

-outcomeFilter

Audit event outcomes to read and report. Specify one or more audit event outcomes. If we specify more than one value for the outcomeFilter parameter, separate each audit event outcome with a colon character (:). (String, optional)

-sequenceFilter

List of beginning and ending sequence numbers. Use the a:b syntax, where a, the starting sequence number where the HTML report begins, and is less than or equal to b, the sequence number where the HTML report ends. A single sequence may also be specified, such as -sequenceFilter 10, to only generate a report for the tenth record. (String, optional)

-timeStampFilter

Time stamp range of records to read and report. Use the a:b syntax, where a and b are strings in the format java.text.SimpleDateFormat("MMddhhmmyyyy"). We can also specify a single timestamp. (String, optional)

-keyStorePassword

Specifies password to open the keystore. (String, optional)

-dataPoints

List of specific audit data to use to generate the report. Use this option only when you set the reportMode parameter as custom. If we specify multiple data points, separate each data point with a colon character (:). (String, optional)

Return value

The command returns the HTML report based on the values specified for each parameter to the location specified by the outputLocation parameter.

Batch mode example usage

Interactive mode example usage

 

showAuditLogEncryptionInfo

The showAuditLogEncryptionInfo command displays information about the keystore that the auditing system uses to encrypt audit records. Use this information as a hint of the keystore password in order to decrypt encrypted audit logs in the binary audit log.

Target object

None.

Required parameters

-fileName

Fully qualified path of the binary audit log. (String, required)

Return value

The command returns the certificate alias and the fully qualified path to the keystore of interest.

Batch mode example usage

Interactive mode example usage




 

Related tasks


Use the audit reader

 

Related


AuditKeyStoreCommands
AuditEmitterCommands for AdminTask
AuditSigningCommands
AuditEncryptionCommands
AuditEventFactoryCommands for AdminTask
AuditFilterCommands
AuditPolicyCommands
AuditEventFormatterCommands