Audit Panel
Universal Messaging Realm Servers log administration operations performed on the realm to a file. These events are called Audit Events and are stored in a local file called Universal MessagingAudit.mem. These audit events are useful for tracking historical information about the realm and who performed what operation and when. The Universal Messaging Administration API provides the ability to consume the audit file entries from an nRealmNodeM. See the code example "Realm Log and Audit Listener" for an illustration of usage.
The Universal Messaging Enterprise Manager provides an Audit Panel that displays the contents of the remote audit file and receives real time updates as and when audit events are generated. The audit events that are written to the audit file are determined by the configuration specified in the Config Panel (see
Realm Configuration) of the Universal Messaging Enterprise Manager.
Audit Events
Each audit event corresponds to an operation performed on an object within a realm. The audit event contains the date on which it occurred, the object and the operation that was performed on the object.
The list below shows the objects that audit events correspond to as well as the operations performed on them which are logged to the audit file:
Realm - CREATE, DELETE, ACCESS
Interfaces - CREATE, DELETE, MODIFY, START, STOP
Channels - CREATE, DELETE, MODIFY
Queues - CREATE, DELETE, MODIFY
Services - CREATE, DELETE
Joins - CREATE, DELETE
Realm ACL - CREATE, DELETE, MODIFY
Channel ACL - CREATE, DELETE, MODIFY
Queue ACL - CREATE, DELETE, MODIFY
Service ACL - CREATE, DELETE, MODIFY
Audit Panel
The audit panel displays audit events for a realm server. You can view the audit panel by clicking on the realm you wish to view the audit file for within the namespace and selecting the panel labeled 'Audit' from within the 'Monitoring' panel of the selected realm. The image below shows an example of the audit panel for a Universal Messaging Realm.
When you first connect to a realm, the audit panel will display the last 20 audit events from its history. Audit files can become quite large over time on a heavily utilised realm, so the initial load is limited to just the last 20. After that all subsequent audit events will be shown in the audit panel.
Each audit event is shown as a row in a table. The table has 5 columns:
Date - The time at which the audit event occurred on the server
Originator - Who performed the operation
Type - What type of object was the action performed on
Action - What action was performed
Object - The name of the object
If the object type is an ACL for either realm, resource or service, selecting the entry from the table will also display the ACL changes in the bottom section of the audit panel. For modified ACLs, each acl permission that has been granted or removed will be displayed as a green '+', or a red '-' respectively.
Audit Stream
The audit panel provides a button that enables you to stream the remote audit events from the realm to a local file. This also provides you with the option of replaying the entire audit file.
Clicking on the 'Start Stream' button will prompt you with a file chooser dialog to select the location and name of the file that the audit events will be streamed to. Once you have selected this file, you will be prompted whether you wish to replay the entire audit file into the stream or just the last 20 audit entries. The image below shows this dialog:
The text below is an exert from a sample audit file than has been streamed from a server. Each entry that relates to a modified ACL shows the permissions that have been changed, and the permissions that are granted by either a + or -. For permissions that have remained the same, the letter 'N' for not change will be placed after the permission.
Fri Jan 21 15:43:40 GMT 2005,CHANACL,/customer/sales:*@*,MODIFY,paul weiss@localhost,
Full(-), Last Eid(N),Purge(-),Subscribe(N),Publish(-),Named Sub(N),Modify Acls(-),
List Acls(-),
Fri Jan 21 15:43:40 GMT 2005,QUEUEACL,/partner/queries:*@*,MODIFY,
paul weiss@localhost,Full(-),Purge(-), Peek(N),Push(-),Pop(-),Modify Acls(-),
List Acls(-),
Fri Jan 21 15:43:40 GMT 2005,QUEUEACL,/partner/queries:paul weiss@localhost,MODIFY,
paul weiss@localhost, Full(N),Purge(N),Peek(N),Push(N),Pop(N),Modify Acls(N),
List Acls(N),
Fri Jan 21 16:13:10 GMT 2005,INTERFACE,nhp0,CREATE,paul weiss@localhost,
Fri Jan 21 16:15:31 GMT 2005,INTERFACE,nhp0,MODIFY,paul weiss@localhost,
Archive Audit
The audit panel provides a button that enables you to archive the audit file. As mentioned before, depending on what is being logged to the audit file, the file can grow quite large. As it's an audit and provides historical data, there is no automatic maintenance of the file it is down to the realm administrators when the file is archived. The 'Archive Audit' button when clicked will simply rename the existing audit file to a name with the current date, and start a new audit file.