Audit Events
Each audit event corresponds to an operation performed
on an object within a realm. The audit event contains
the date on which it occured, the object and the operation
that was performed on the object.
The list below shows the objects that audit events
correspond to as well as the operations performed on
them which are logged to the audit file:
Realm - CREATE, DELETE, ACCESS
Interfaces - CREATE, DELETE, MODIFY,
START, STOP
Channels - CREATE, DELETE, MODIFY
Queues - CREATE, DELETE, MODIFY
Services - CREATE, DELETE
Joins - CREATE, DELETE
Realm ACL - CREATE,
DELETE, MODIFY
Channel ACL - CREATE, DELETE, MODIFY
Queue ACL - CREATE, DELETE, MODIFY
Service ACL - CREATE, DELETE, MODIFY
Audit Panel
The audit panel displays audit events for a realm server.
You can view the audit panel by clicking on the realm
you wish to view theb audit file for within the namespace
and selecting the panel labelled 'Audit'. The image
below shows an example of the audit panel for a Nirvana
Realm.
When you first connect to a realm, the audit panel
will display the last 20 audit events from its history.
Audit files can become quite large over time on a heavily
utilised realm, so the initial load is limited to just
the last 20. After that all subsequent audit events
will be shown in the audit panel.
Each audit event is shown as a row in a table. The
table has 5 columns:
Date - The time at which the audit
event occurred on the server
Originator - Who performed the operation
Type - What type of object was the
action performed on
Action - What action was performed
Object - The name of the object
If the object type is an acl for either realm, channel,
queue or service, selecting the entry from the table
will also display the acl changes in the bottom section
of the audit panel. For modified acls, each acl permission
that has been granted or removed will be displayed as
a green '+', or a red '-' respectively.
Audit Stream
The audit panel provides a button that enables you
to stream the remote audit events from the realm to
a local file. This also provides you with the option
of replaying the entire audit file.
Clicking on the 'Start Stream' button will prompt you
with a file chooser dialog to select the location and
name of the file that the audit events will be streamed
to. Once you have selected this file, you will be prompted
whether you wish to replay the entire audit file into
the stream or just the last 20 audit entries. The image
below shows this dialog:
The text below is an exert from a sample audit file
than has been streamed from a server. Each entry that
relates to a modified ACL shows the permissions that
have been changed, and the permissions that are granted
by either a + or -. For permissions that have remained
the same, the letter 'N' for not change will be placed
after the permission.
Fri Jan 21 15:43:40 GMT 2005,CHANACL,/customer/sales:*@*,MODIFY,paul
weiss@localhost,Full(-),Last Eid(N),Purge(-),Subscribe(N),Publish(-),Named
Sub(N),Modify Acls(-),List Acls(-),
Fri Jan 21 15:43:40 GMT 2005,QUEUEACL,/partner/queries:*@*,MODIFY,paul
weiss@localhost,Full(-),Purge(-),Peek(N),Push(-),Pop(-),Modify
Acls(-),List Acls(-),
Fri Jan 21 15:43:40 GMT 2005,QUEUEACL,/partner/queries:paul
weiss@localhost,MODIFY,paul weiss@localhost,Full(N),Purge(N),Peek(N),Push(N),Pop(N),Modify
Acls(N),List Acls(N),
Fri Jan 21 16:13:10 GMT 2005,INTERFACE,nhp0,CREATE,paul
weiss@localhost,
Fri Jan 21 16:15:31 GMT 2005,INTERFACE,nhp0,MODIFY,paul
weiss@localhost,
Archive Audit
The audit panel provides a button that enables you
to archive the audit file. As mentioned before, depending
on what is being logged to the audit file, the file
can grow quite large. As it's an audit and provides
historical data, there is no automatic maintenance of
the file it is down to the realm administrators when
the file is archived. The Archive audit button when
clicked will simply rename the existing audit file to
a name with the current date, and start a new audit
file.
|
