catauditlog
Use the catauditlog command to display the in-memory contents of the audit log.
Syntax
>>- catauditlog --+----------+--+-----------------------+------->
                  '- -nohdr -'  '- -delim -- delimiter -'

>--+-----------------------------------------+-----------------><
   '- -first -- number_of_entries_to_return -'
Parameters
- -nohdr: (Optional) By default, headings are displayed for each column of data in a concise style view, and for each item of data in a detailed style view. The -nohdr parameter suppresses the display of these headings. Note: If there is no data to be displayed, headings are not displayed.
- -delim delimiter: (Optional) By default in a concise view, all columns of data are space-separated. The width of each column is set to the maximum possible width of each item of data. In a detailed view, each item of data has its own row, and if the headers are displayed, the data is separated from the header by a space. The -delim parameter overrides this behavior. Valid input for the -delim parameter is a one-byte character. If you enter -delim : on the command line, the colon character (:) separates all items of data in a concise view; for example, the spacing of columns does not occur. In a detailed view, the data is separated from its header by the specified delimiter.
- -first number_of_entries_to_return: (Optional) Specifies the number of most recent entries to display.
Description
This command lists a specified number of the most recently audited commands.
Use this command to display the in-memory audit log. Use the dumpauditlog command to manually dump the contents of the in-memory audit log to a file on the current configuration node and clear the contents of the in-memory audit log.
The in-memory portion of the audit log holds approximately 1 MB of audit information. Depending on the command text size and the number of parameters, this equals 1 MB records or approximately 6000 commands.
Once the in-memory audit log reaches maximum capacity, the log is written to a local file on the configuration node in the /dumps/audit directory. The catauditlog command only displays the in-memory part of the audit log; the on-disk part of the audit log is in readable text format and does not require any special command to decode it.
The in-memory log entries are reset and cleared automatically, ready to accumulate new commands. The on-disk portion of the audit log can then be analyzed at a later date.
The lsdumps command with the -prefix parameter (and the /dumps/audit file) can be used to list the files on the disk.
As commands are executed, they are recorded in the in-memory audit log. When the in-memory audit log becomes full, it is automatically dumped to an audit log file and the in-memory audit log is cleared.
An invocation example
This example lists the five most recent audit log entries.
catauditlog -delim : -first 5
The resulting output:
audit_seq_no timestamp cluster_user challenge source_panel target_panel ssh_ip_address result res_obj_id action_cmd
0 160313152255 superuser 7830619-2 7830619-2 0 0 satask restartservice -service tomcat
1 160313152303 superuser 01-2 01-1 9.174.187.11 0 0 satask chnodeled -on 01-1
2 160313152312 superuser 01-1 01-2 9.174.187.11 0 0 satask chnodeled -on 01-2
3 160313152314 superuser 01-1 01-1 9.174.187.11 0 0 satask chnodeled -on
4 160313152316 superuser 9.174.187.11 0 0 svctask chenclosure -managed yes 1
5 160313152349 superuser 9.174.187.11 0 0 svctask mkmdiskgrp -ext 256
6 160313152352 superuser 9.174.187.11 0 0 svctask mkarray -level raid5 -drive 3:4:5 0
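When audit entries are collected with -delim : for review or forwarding to a log pipeline, the action_cmd column can itself contain the delimiter (as in -drive 3:4:5 above), so a naive split corrupts the record. The following parser is an added example, not part of the product documentation. It assumes that the timestamp is YYMMDDHHMMSS, that a non-zero result marks a command that did not succeed, and that no column before action_cmd contains the delimiter. The sample lines are constructed from the rows above.

```python
from datetime import datetime

# Column order taken from the header line shown on the page.
FIELDS = ["audit_seq_no", "timestamp", "cluster_user", "challenge",
          "source_panel", "target_panel", "ssh_ip_address", "result",
          "res_obj_id", "action_cmd"]

def parse_audit_line(line, delim=":"):
    """Parse one `catauditlog -delim <delim>` record into a dict."""
    # Split on the first 9 delimiters only: action_cmd is the last column
    # and may contain the delimiter itself (e.g. "-drive 3:4:5").
    parts = line.rstrip("\n").split(delim, len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields: {line!r}")
    rec = dict(zip(FIELDS, parts))
    rec["audit_seq_no"] = int(rec["audit_seq_no"])
    # Assumption: timestamp is YYMMDDHHMMSS.
    rec["timestamp"] = datetime.strptime(rec["timestamp"], "%y%m%d%H%M%S")
    return rec

def parse_audit_log(text, delim=":"):
    """Parse multi-line output, skipping blank lines and the header row."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(FIELDS[0]):
            continue
        records.append(parse_audit_line(line, delim))
    return records

def failed_commands(records):
    """Assumption: a non-zero `result` marks a command that did not succeed."""
    return [r for r in records if r["result"] != "0"]

# Constructed sample: rows 1, 5 and 6 from the page rewritten with ':' as the
# delimiter; row 5's result is changed to 1 to exercise failed_commands().
SAMPLE = """\
audit_seq_no:timestamp:cluster_user:challenge:source_panel:target_panel:ssh_ip_address:result:res_obj_id:action_cmd
1:160313152303:superuser::01-2:01-1:9.174.187.11:0:0:satask chnodeled -on 01-1
5:160313152349:superuser::::9.174.187.11:1::svctask mkmdiskgrp -ext 256
6:160313152352:superuser::::9.174.187.11:0:0:svctask mkarray -level raid5 -drive 3:4:5 0
"""

if __name__ == "__main__":
    for rec in parse_audit_log(SAMPLE):
        print(rec["timestamp"].isoformat(), rec["cluster_user"],
              rec["ssh_ip_address"], rec["result"], rec["action_cmd"])
```

If a column before action_cmd could contain the chosen delimiter, pick a different one-byte delimiter that cannot appear in the data and pass it as delim.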