Storing the Audit Log Data

Software AG Products 10.5 | Administering CentraSite | Managing Logs | Audit Logs for User Information | Storing the Audit Log Data

To store the audit log of user information through the Command Line Interface, you must have the CentraSite Administrator role.

When you use the start auditLog command, CentraSite logs the information in the current audit log.

In certain circumstances, you may want to read the audit log and display the information as a standard output or write the information to a file.

CentraSite provides a command tool named unload auditLog for this purpose.

To start the logging of CentraSite user information

Run the command unload auditLog.

The syntax is of the format C:\SoftwareAG\CentraSite\utilities>CentraSiteCommand.cmd unload auditLog [-url <CENTRASITE-URL>] -user <USER-ID> -password <PASSWORD> [-outputFile <LOGDATA-FILE>] [-logNumber <LOG-NUMBER>]

The input parameters are:

Parameter	Description
CENTRASITE-URL	(Optional). The URL of the CentraSite registry. For example, http://localhost:53307/CentraSite/CentraSite.
USER-ID	The user ID of a registered CentraSite user who has the CentraSite Administrator role. For example, Administrator.
PASSWORD	The password for the registered CentraSite user.
LOGDATA-FILE	(Optional). The name of the file to which the data is to be written.
LOG-NUMBER	(Optional). The log file number to be processed. Note: If you are starting the audit log for the first time, the log entries are written to audit log 1. You can select to write the log entries to the next audit log file using the switch auditLog command.

Example (UNIX):

odsinst@daeinmsus21:/opt/softwareag/CentraSite/utilities> ./CentraSiteCommand.sh unload auditlog -user Administrator -password manage

The response to this command is in XML as follows:

Executing the command : unload auditLog
<?xml version="1.0" encoding="UTF-8" ?><ino:response
xmlns:ino="http://namespaces.softwareag.com/tamino/response 2"
xmlns:xql="http://metalab.unc.edu/xql/"><ino:message
ino:returnvalue="0"><ino:messageline>starting admin command
ino:AuditLog('unload','')</ino:messageline></ino:message>
<AuditLog no='1'>
<A t='1970-01-01T00:00:00Z' a='A' />
<A t='2015-02-17T14:31:33Z' a='S' u='INTERNAL\Administrator' />
<A t='2015-02-17T14:31:41Z' a='0' u='INTERNAL\Administrator' />
<A t='2015-02-17T14:31:41Z' a='U' u='INTERNAL\Administrator' />
</AuditLog>
<ino:message ino:returnvalue="0"><ino:messageline>admin command
ino:AuditLog('unload','')
completed</ino:messageline></ino:message></ino:response>
Successfully executed the command : unload auditLog

Code	Audit Log Type
A	Active
I	Inactive
P	Purge
R	Switch
S	Start
T	Stop
U	unload
V	User data
X	Unused
Y	Unknown
Z	Record
0	Connect
1	Create
2	Update
3	Delete
4	Set Access Control List (ACL)
5	Update ACL
6	Unset ACL
7	Commit
8	Rollback
9	Disconnect

Note:
You might also see the following additional attributes in the log entries:

f - File number

d - Doc type (if it is available)

i - ID (INO-ID) of the document added/updated/deleted.

n - Name (if it is available)

k - UDDI key

p - Payload (p=1, if the log entry contains a payload; p=2, if a log entry has a payload information, but it is too large to be included in the log entry.

s - Session number