Make definitions for saving records of operations that have been performed on Systemwalker Operation Manager.

When Systemwalker Operation Manager is installed, audit logs are set up so that they are output.

The default settings for the output destination for audit logs and the number of days for storing audit logs are as follows:

• Output destination for audit logs

  [Windows]

  Systemwalker Operation Manager installation directory\MPWALKER.JM\mpcmtool\audit

  [UNIX]

  /var/opt/FJSVftlo/audit/

• Number of days for storing audit logs

  31 days

To make audit log output settings by changing the default output destination or number of storage days, refer to "Changing audit log output settings".

To not output audit logs, cancel audit log output by referring to "Canceling audit log output".

To manage audit logs centrally on the Operation Management Server by collecting logs from each server using the Systemwalker Centric Manager audit log management function, the settings for the audit log management function must be changed. Change the settings by referring to "Changing the settings for Systemwalker Centric Manager audit log management function".

If the output destination or number of storage days for audit logs is changed, make sure that there is sufficient disk capacity, taking the size of the audit log files into account. This section describes how to change the settings for audit log output under the following headings:

• Deciding the output destination and number of storage days for audit logs

• Estimating the size of audit log files

• Output settings for audit logs

• Protecting audit log files

• Checking the settings for audit log output

Decide the output destination and number of storage days for audit logs by considering the nature of the business and the operation mode of Systemwalker Operation Manager. The maximum number of days that can be set for storing audit logs is either 99 or infinite ("unlimit").

Note that audit log files are only held for the specified number of days, so it is recommended that audit log files be backed up regularly if necessary.

Estimate the size of the audit log files for the output destination and the number of storage days that have been decided. Review the output destination and the number of storage days if there is not enough disk space on the output destination.

Refer to "Hardware Resources" in the Systemwalker Operation Manager Technical Guide for information about formulas for estimating the size of audit log files.

Use the following procedure to change the output settings for audit logs according to the output destination and the number of storage days that have been decided.

1. Stop the Systemwalker Operation Manager service or daemon.

2. Make audit log output settings.

   Execute the mpsetlogsend_omgr audit log setup command on the Systemwalker Operation Manager server as the system administrator. Change the output destination and the number of storage days by specifying command options.

   [Windows]

   Systemwalker installation directory\MPWALKER.JM\bin\mpsetlogsend_omgr -f <output file name> -k {<number of storage days>|unlimit}

   [UNIX]

   /usr/bin/mpsetlogsend_omgr -f <output file name> -k {<number of storage days>|unlimit}

   For details on the mpsetlogsend_omgr command, refer to the Systemwalker Operation Manager Reference Guide.

3. Start the Systemwalker Operation Manager service or daemon.

To protect audit log files, refer to "2.5.5 Define User Restrictions".

To check the audit log output settings after they have been made, execute the mpsetlogsend_omgr command without specifying any options.

Refer to the Systemwalker Operation Manager Reference Guide for details on what needs to be checked.

To cancel audit log output, execute the following command and then restart Systemwalker Operation Manager.

[Windows]

[UNIX]

To restart audit log output once it has been canceled, perform the procedure described in "Output settings for audit logs" again.

If a Systemwalker Centric Manager Operation Management Server, Asset Management Server, Section Management Server, Job Server or Operation Management Client has been installed on a Systemwalker Operation Manager server, Systemwalker Operation Manager audit logs can be collected on the Operation Management Server by using the audit log management function on the Operation Management Server. Refer to the Systemwalker Centric Manager Solution Guide - Security for details on the audit log management function.

To change the output destination for Systemwalker Operation Manager audit logs, use the following procedure.

Note that this procedure varies depending on the version and level of Systemwalker Centric Manager that has been installed.

If Systemwalker Centric Manager V13.2.0 or later has been installed

1. Execute the following command on the Systemwalker Operation Manager server where the output destination is to be changed.

   [Windows]

   Systemwalker installation directory\MPWALKER.JM\bin\mpsetlogsend_omgr -f <output file name > -k {<number of storage days>|unlimit}

   [UNIX]

   /usr/bin/mpsetlogsend_omgr -f <output file name> -k {<number of storage days>|unlimit}

   For more information on how to use the mpatmlog command, refer to the Systemwalker Centric Manager Reference Guide.

2. Apply the changes to the output destination settings.

   To apply the new settings after the output destination for audit logs has been changed, restart Systemwalker Operation Manager on the server where the changes have been made.

3. Collect audit logs from the server where the collection settings have been changed to the Operation Management Server.

   Collect audit logs by executing the following command on the Operation Management Server, in order to collect all the information (existing before the audit log output destination was changed) on the Operation Management Server.

   [Windows]

   Systemwalker installation directory\mpwalker.dm\bin\mpatmlog -H <target server name>

   [UNIX]

   /opt/systemwalker/bin/mpatmlog -H <target server name>

   Refer to the Systemwalker Centric Manager Reference Guide for details on how to use the mpatmlog command.

   Also, once collection of existing audit logs to the Operation Management Server has completed, delete the audit logs stored in the old output destination (existing before the settings were changed) if they are no longer required.

4. Update the audit log collection settings.

   Update the collection destination settings by executing the Systemwalker Operation Manager audit log setup command. Perform this operation on the Systemwalker Operation Manager server where the settings have been changed.

   mpsetlogsend_omgr -y

If Systemwalker Centric Manager V13.1.0 has been installed

Information for collecting Systemwalker Operation Manager audit logs can be registered by executing the mpatmlogapdef command with the following options specified. Refer to the Systemwalker Centric Manager Reference Guide for details on the mpatmlogapdef command.

To set up log collection for the first time:

• ADD option

• -A option (log identifier)

  OMGRLog

• -M option

  ASC

• -L option (name of the log file to be collected)

  audit log output file name*

• -F option (date format definition file name)

  [Windows]

  Systemwalker installation directory\mpwalker.dm\MpAtm\fmt\mpatmcmgroplog.fmt

  [Solaris/Linux]

  /etc/opt/FJSVmpatm/fmt/mpatmcmgroplog.fmt

A settings example is shown below.

[Windows]

In this example, Systemwalker Centric Manager V13.1.0 has been installed, and the Systemwalker installation directory is "C:\WIN32APP" and the name of the output file for audit logs is "C:\WIN32APP\mpwalker.jm\mpcmtool\audit\mp_omgr_audit".

[Solaris/Linux]

In this example, Systemwalker Centric Manager V13.1.0 has been installed and the name of the output file for audit logs is "/var/opt/FJSVftlo/audit/mp_omgr_audit".

To cancel log collection:

• REP option

• -A option (log identifier)

  OMGRLog

• -E option

  NO

A settings example is shown below.

[Windows]

[Solaris/Linux]

To cancel or restart log collection for Systemwalker Operation Manager, perform the following procedure on the Systemwalker Operation Manager server.

Note that this procedure varies depending on the version and level of Systemwalker Centric Manager that has been installed.

If Systemwalker Centric Manager V13.2.0 or later has been installed

To cancel audit log collection, specify "-n" as an option for the mpsetlogsend_omgr command. Alternatively, to change the settings so that audit logs are collected if they are not currently being collected, specify the "-y" option.

If Systemwalker Centric Manager V13.1.0 has been installed

Information for collecting Systemwalker Operation Manager audit logs can be changed by executing the mpatmlogapdef command with the following options specified. Refer to the Systemwalker Centric Manager Reference Guide for details on the mpatmlogapdef command.

To change the log collection destination (where log collection settings for Systemwalker Operation Manager have already been registered):

• REP option

• -A option (log identifier)

  OMGRLog

• -L option (name of the log file to be collected)

  audit log output file name*

A settings example is shown below.

[Windows]

In this example, the name of the output file for audit logs is "C:\WIN32APP\mpwalker.jm\mpcmtool\audit\mp_omgr_audit".

[Solaris/Linux]

In this example, the name of the output file for audit logs is "/var/opt/FJSVftlo/audit/mp_omgr_audit".

To cancel log collection:

• REP option

• -A option (log identifier)

  OMGRLog

• -E option

  NO

A settings example is shown below.

[Windows]

[Solaris/Linux]

To restart log collection (where log collection settings for Systemwalker Operation Manager have already been registered):

• REP option

• -A option (log identifier)

  OMGRLog

• -E option

  YES

A settings example is shown below.

[Windows]

[Solaris/Linux]