The Audit Tab
Universal Messaging Realm Servers log administration operations performed on the realm to a file. These events are called audit events and are stored in a local file called NirvanaAudit.mem. These audit events are useful for tracking historical information about the realm and who performed what operation and when. The Universal Messaging Administration API provides the ability to consume the audit file entries from an nRealmNodeM. See the code example "Monitor the Remote Realm Log and Audit File" for an illustration of usage.
The Universal Messaging Enterprise Manager provides an Audit panel that displays the contents of the remote audit file and receives real time updates as and when audit events are generated. The audit events that are written to the audit file are determined by the configuration specified in the Config panel (see
Realm Configuration) of the Universal Messaging Enterprise Manager.
Audit Events
Each audit event corresponds to an operation performed on an object within a realm. The audit event contains the date on which it occurred, the object and the operation that was performed on the object.
The list below shows the objects that audit events correspond to as well as the operations performed on them that are logged to the audit file:
Realm - CREATE, DELETE, ACCESS
Interfaces - CREATE, DELETE, MODIFY, START, STOP
Channels - CREATE, DELETE, MODIFY
Queues - CREATE, DELETE, MODIFY
Services - CREATE, DELETE
Joins - CREATE, DELETE
Realm ACL - CREATE, DELETE, MODIFY
Channel ACL - CREATE, DELETE, MODIFY
Queue ACL - CREATE, DELETE, MODIFY
Service ACL - CREATE, DELETE, MODIFY
The Audit Panel
To view audit events for a realm, select the realm, and go to Monitoring > Audit.
When you first connect to a realm, the Audit panel displays the last 20 audit events from its history. Audit files can become quite large over time on a heavily used realm, so the initial load is limited to just the last 20. After that, all subsequent audit events are shown in the Audit panel.
Each audit event is shown as a row in a table that has the following columns:
Date - The time at which the audit event occurred on the server
Originator - Who performed the operation
Type - What type of object was the action performed on
Action - What action was performed
Object - The name of the object
If the object type is an ACL for either a realm, resource or service, selecting the entry from the table will also display the ACL changes in the bottom section of the audit panel. For modified ACLs, each acl permission that has been granted or removed will be displayed as a green '+', or a red '-' respectively.
Streaming Audit Events
To stream the remote audit events from the realm to a local file, on the Audit panel, click Start Stream, and then select a file. This provides you with the option of replaying the entire audit file or just the last 20 audit entries.
The text below is an exert from a sample audit file than has been streamed from a server. Each entry that relates to a modified ACL shows the permissions that have been changed, and the permissions that are granted by either a + or -. For permissions that have remained the same, the letter 'N' for not change will be placed after the permission.
Fri Jan 21 15:43:40 GMT 2005,CHANACL,/customer/sales:*@*,MODIFY,paul weiss@localhost,
Full(-), Last Eid(N),Purge(-),Subscribe(N),Publish(-),Named Sub(N),Modify Acls(-),
List Acls(-),
Fri Jan 21 15:43:40 GMT 2005,QUEUEACL,/partner/queries:*@*,MODIFY,
paul weiss@localhost,Full(-),Purge(-), Peek(N),Push(-),Pop(-),Modify Acls(-),
List Acls(-),
Fri Jan 21 15:43:40 GMT 2005,QUEUEACL,/partner/queries:paul weiss@localhost,MODIFY,
paul weiss@localhost, Full(N),Purge(N),Peek(N),Push(N),Pop(N),Modify Acls(N),
List Acls(N),
Fri Jan 21 16:13:10 GMT 2005,INTERFACE,nhp0,CREATE,paul weiss@localhost,
Fri Jan 21 16:15:31 GMT 2005,INTERFACE,nhp0,MODIFY,paul weiss@localhost,
Archive Audit
Depending on what is logged to the audit file, the file can grow quite large. Because it is an audit and provides historical data, there is no automatic maintenance of the file and it is down to the realm administrators when the file is archived. To archive the audit file and start a new file, on the Audit panel, click Archive Audit.