When patch distribution and application processing is performed from the management console, the content of the operations performed in the Task management window is output as audit logs.
How to use audit logs
To collect audit logs for patch distribution and application processing, execute the process instance audit information acquisition command below.
[Windows]
<ServerView Resource Orchestrator installation directory>\SWRBAM\bin\swrba_audit |
[Linux]
/opt/FJSVswrbam/bin/swrba_audit |
The audit information that can be acquired for process instances is information about process instances that have completed since the last time the command was executed.
[Windows]
Administrator privileges are required. When using Windows Server 2008 operating system, run as an administrator.
This command can be executed on the admin server.
[Linux]
System administrator (superuser) privileges are required.
This command can be executed on the admin server.
Output file
The following table shows the file name, file size and number of generations for audit logs:
Log name | Description | File size | Number of generations |
|---|---|---|---|
swrba_audit.log | This log contains audit logs. | 10 MB | 10 generations (*1) |
*1:
The file switches to a new generation when the size of the file reaches 10 MB.
Even if the swrba_audit command is executed multiple times, information will be output to the same file, so long as the size of the file is less than 10 MB.
Once 10 generations (or 100 MB) are exceeded, the oldest file (swrba_audit9.log) is deleted.
Output destination
The output destination for logs is shown below.
[Windows]
Output destination | Output file |
|---|---|
<ServerView Resource Orchestrator installation directory>\SWRBAM\var\audit | swrba_audit[n].log (where "n" is the number of generations) |
[Linux]
Output destination | Output file |
|---|---|
/opt/FJSVswrbam/var/audit | swrba_audit[n].log (where "n" is the number of generations) |
Output format
Audit logs are CSV format files, with the following items output in the following order.
Information about a single process instance is displayed as a single record.
<Time when the process instance started>,<Person who started the process instance>,<Name of the process instance>,<Process instance state>,<Time when the process instance ended>,<Activity name>,<Task execution date/time>,<Person in charge>,<Status>,<Task processing>,...,<Task result> |
Item | Description |
|---|---|
Time when the process instance started | The time when the application was submitted |
Person who started the process instance | The user ID of the person who submitted the application |
Name of the process instance | Name of the process instance
|
Process instance state | State of the process instance closed: Indicates that the process instance has completed |
Time when the process instance ended | Time when the process instance ended yyyy-mm-dd hh:mm:ss.sss |
Activity name | Activity name
|
Task execution date/time | The date/time when the task was executed |
Person in charge | The user ID of the user that executed the task |
Status | The status of the task COMPLETED: Indicates that the task has completed |
Task processing | Name of the button used to execute the activity
|
Task result | The result of the submitted application
|
Output example
"2012-05-09 16:44:10.830","user1","Patch application request_Server1(VZG0D8L02O0001)_143312","closed","2012-05-09 17:04:02.857","Patch application acceptance","2012-05-0916:44:12.138","111004","COMPLETED","apply","Exit" |
Point
By using the scheduling function provided by the operating system (such as Task Scheduler for Windows or cron for Linux) to set up a schedule so that the process instance audit information acquisition command is executed at regular intervals, the audit logs for the process instances that have executed in between the last time the command was executed and the current command execution will be collected.
