When operations are performed on the CMDB via agents, commands, or the Maintenance window (displayed from the Configuration management window on the management console), the content of the operation is output as an audit log.
Audit logs are output to the following file:
[Windows]
%SWCMDB_INSTALL_PATH%\FJSVcmdbm\var\log\audit\audit.log
[Linux]
/opt/FJSVcmdbm/var/log/audit/audit.log
Up to 10 generations of audit log files are kept, named "audit.log", "audit.log.1", "audit.log.2", and so on up to "audit.log.9". Each audit log is 5 MB. Once the maximum number of generations is exceeded, the oldest file (audit.log.9) is deleted.
Output format for audit logs
<Date/time>,<Operation location>,<Execution host>,<Operator>,<Operation type>,<Operation target>,<Operation content>,<Execution result>,<Component>,<Additional information>,<Reserved area>
<Date/time>: This item indicates the date and time in "date time time-difference" format.
<Operation location>: This item indicates the IP address of the machine where the operation was performed.
<Execution host>: This item indicates the host name of the machine where the operation was performed (the machine hosting the CMDB manager).
<Operator>: This item indicates information on the agent or command that performed the operation.
If the operation was performed by an agent, this item indicates the agent ID. However, if it is the first operation and the agent ID has not yet been set up, this item indicates the agent type name.
If the operation was performed by a command, this item indicates the OS user name for the user that executed the command.
<Operation type>: This item indicates the operation name.
<Operation target>: This item indicates the target and result of the operation in "name=value;" format.
<Operation content>: This item indicates the content of the operation. If the execution result is operation failure, this item indicates error details.
<Execution result>: This item indicates one of the following values:
S: Success
F: Failure
<Component>: This item indicates "FSERV".
<Additional information>: This item indicates any additional information for the operation in "name=value;" format.
<Reserved area>: This item is not used. No value is set for this item.
Output example
"2012/05/10 15:29:37.009 +0900","192.168.1.10","Server1","mdr000000000005","addEntities","id=gid000000000086; type=LogicalServer; record=observed; version=1;","updateEntity","S","FSERV","",""
"2012/05/10 15:44:21.878 +0900","192.168.1.10","Server1","Administrator","updateEntities","id=gid000000000714; type=Patch; record=cataloged; version=3;","updateEntity","S","FSERV","",""
"2012/05/10 15:44:21.882 +0900","192.168.1.10","Server1","Administrator","updateEntities","id=gid000000000689; type=Patch; record=cataloged; version=3;","updateEntity","S","FSERV","",""
"2012/05/10 15:53:24.214 +0900","192.168.1.10","Server1","SYSTEM","updateEntity","id=gid000000008583; type=Server; record=observed; version=1;","addEntity","S","FSERV","",""
"2012/05/10 15:53:48.316 +0900","192.168.1.10","Server1","SYSTEM","updateEntity","id=gid000000008584; type=Server; record=observed; version=1;","addEntity","S","FSERV","",""
"2012/05/10 15:54:27.822 +0900","192.168.1.10","Server1","SYSTEM","addEntity","id=gid000000008583; type=Server; record=observed; version=1;","updateEntity","S","FSERV","",""
"2012/05/10 15:55:28.062 +0900","192.168.1.10","Server1","SYSTEM","addEntity","id=gid000000008583; type=Server; record=observed; version=1;","updateEntity","S","FSERV","",""
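An added example, not part of the original documentation: a Python parser for the record format described above that splits the 11 fields, decodes the "name=value;" items, and lists failed operations for review. The dictionary key names, function names and the failure record in the sample are constructed for illustration.

```python
import csv
from datetime import datetime

# Field order as given in "Output format for audit logs" (key names are assumptions).
FIELDS = ["datetime", "location", "host", "operator", "op_type", "target",
          "content", "result", "component", "additional", "reserved"]

# Constructed sample: two records from the output example plus one constructed
# failure record (its error text is a placeholder, not real product output).
SAMPLE = '''\
"2012/05/10 15:29:37.009 +0900","192.168.1.10","Server1","mdr000000000005","addEntities","id=gid000000000086; type=LogicalServer; record=observed; version=1;","updateEntity","S","FSERV","",""
"2012/05/10 15:44:21.878 +0900","192.168.1.10","Server1","Administrator","updateEntities","id=gid000000000714; type=Patch; record=cataloged; version=3;","updateEntity","S","FSERV","",""
"2012/05/10 15:45:02.100 +0900","192.168.1.10","Server1","Administrator","updateEntities","id=gid000000000714; type=Patch; record=cataloged; version=3;","<constructed error details>","F","FSERV","",""
'''

def parse_pairs(text):
    """Split a "name=value;" field into a dict; an empty field gives {}."""
    pairs = {}
    for item in text.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            pairs[name.strip()] = value.strip()
    return pairs

def parse_audit(lines):
    """Yield one dict per record; reject rows that do not have 11 fields."""
    for row in csv.reader(lines):
        if not row:  # skip blank lines
            continue
        if len(row) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} fields, got {len(row)}")
        rec = dict(zip(FIELDS, row))
        # "date time time-difference", e.g. 2012/05/10 15:29:37.009 +0900
        rec["datetime"] = datetime.strptime(rec["datetime"], "%Y/%m/%d %H:%M:%S.%f %z")
        rec["target"] = parse_pairs(rec["target"])
        rec["additional"] = parse_pairs(rec["additional"])
        yield rec

def failures(records):
    """Records whose <Execution result> is F (failure)."""
    return [r for r in records if r["result"] == "F"]

if __name__ == "__main__":
    for r in failures(parse_audit(SAMPLE.splitlines())):
        print(r["datetime"].isoformat(), r["operator"], r["op_type"],
              r["target"].get("id"), r["content"])
```

To cover all retained generations, feed the function the lines of "audit.log" and "audit.log.1" through "audit.log.9" in turn.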