Systemwalker Operation Manager  User's Guide
FUJITSU Software

12.2 Example Operation Using Audit Logs

Administrators can look up and analyze audit logs using text editors or spreadsheet software such as Microsoft(R) Excel.

This section describes the procedure for looking up and analyzing audit logs, and also presents a usage example.

Procedure for looking up and analyzing audit logs

Use the following procedure to look up and analyze audit logs.

Operation procedure

  1. Import the audit log file from the output destination on the Systemwalker Operation Manager server specified in the audit log definitions to a text editor or a spreadsheet program such as Microsoft(R) Excel.

    Audit logs are recorded in audit log files in CSV format as shown below, with each item separated by a comma.

    "2006/09/26 11:25:12.672 +0900","10.90.100.100","host1","user1","ADD_PROJECT","SUBSYSTEM=0;PROJECT=PRJ01;"," The project is added.",S,"MPJOBSCH","PID=8045;",
    "2006/09/26 11:30:41.835 +0900","10.90.100.100","host1","user1","ADD_JOBNET","SUBSYSTEM=0;PROJECT=PRJ01;JOBNET=JOBNET01;"," The job net is added.",S,"MPJOBSCH","PID=8045;",
    "2006/09/26 11:30:45.390 +0900","10.90.100.100","host1","user1","START_JOBNET","SUBSYSTEM=0;PROJECT=PRJ01;JOBNET=JOBNET01;"," The job net is started.",S,"MPJOBSCH","PID=8045;",

  2. Look up and analyze audit logs by using the search and sort functions of the text editor or spreadsheet program (such as Microsoft(R) Excel) to extract the desired audit logs.

    Audit logs can be analyzed efficiently using Microsoft(R) Excel's filter and sorting functions.

Audit log usage examples

Several audit log usage examples are shown below.

Examples utilizing records that include specific information that matches the analysis objectives

To isolate information relating to changes and operations on a particular job net, use the job net name as a keyword to search for and extract audit logs that include the specific job net name, and then analyze the content of these audit logs.

For details on search keywords, see "Appendix B List of Search Keywords for Audit Logs."

The main information contained in audit logs is as follows:

Date

The date that the operation was performed

Operation location

The location where the operation was performed

Execution host

The name of the host where the operation was actually executed

Operator

The name of the user that performed the operation

Operation type

The category for the content of the operation performed (addition, change, deletion, etc.)

Operation target

Information that identifies the operation (project name, subsystem number, job net name, calendar name, etc.)

Operation content

The content of the operation

Execution result

Whether the executed operation was successful

For details on audit logs, see the Systemwalker Operation Manager Reference Guide.
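The job net lookup described above can also be scripted. The following Python sketch is an added example, not part of the Systemwalker product or its manuals. It assumes the column order matches the item list above, uses hypothetical labels ("component", "extra") for the two trailing columns this page does not name, and runs on constructed sample data.

```python
import csv
from datetime import datetime

# The first eight names follow the item list on this page (column order is
# assumed to match it). The page does not name the last two columns, so
# "component" and "extra" are hypothetical labels.
FIELDS = ["date", "location", "host", "operator", "op_type",
          "target", "content", "result", "component", "extra"]

# Constructed sample: the three records shown above plus one invented record
# (user2, JOBNET010) to show why a plain keyword search over-matches.
SAMPLE = '''\
"2006/09/26 11:25:12.672 +0900","10.90.100.100","host1","user1","ADD_PROJECT","SUBSYSTEM=0;PROJECT=PRJ01;"," The project is added.",S,"MPJOBSCH","PID=8045;",
"2006/09/26 11:30:41.835 +0900","10.90.100.100","host1","user1","ADD_JOBNET","SUBSYSTEM=0;PROJECT=PRJ01;JOBNET=JOBNET01;"," The job net is added.",S,"MPJOBSCH","PID=8045;",
"2006/09/26 11:30:45.390 +0900","10.90.100.100","host1","user1","START_JOBNET","SUBSYSTEM=0;PROJECT=PRJ01;JOBNET=JOBNET01;"," The job net is started.",S,"MPJOBSCH","PID=8045;",
"2006/09/26 11:42:03.118 +0900","10.90.100.101","host1","user2","START_JOBNET","SUBSYSTEM=0;PROJECT=PRJ01;JOBNET=JOBNET010;"," The job net is started.",S,"MPJOBSCH","PID=8045;",
'''

def parse_target(text):
    """Turn 'SUBSYSTEM=0;PROJECT=PRJ01;' into {'SUBSYSTEM': '0', ...}."""
    pairs = (item.split("=", 1) for item in text.split(";") if "=" in item)
    return {key.strip(): value.strip() for key, value in pairs}

def read_audit_log(lines):
    """Yield one dict per record; the trailing comma's empty column is dropped."""
    for row in csv.reader(lines, skipinitialspace=True):
        if not row:
            continue
        rec = dict(zip(FIELDS, (col.strip() for col in row)))
        rec["target"] = parse_target(rec.get("target", ""))
        # Timezone-aware timestamp so records from several servers sort correctly.
        rec["when"] = datetime.strptime(rec["date"], "%Y/%m/%d %H:%M:%S.%f %z")
        yield rec

def records_for_jobnet(records, jobnet):
    """Exact match on the JOBNET key of the operation target, oldest first."""
    hits = [r for r in records if r["target"].get("JOBNET") == jobnet]
    return sorted(hits, key=lambda r: r["when"])

if __name__ == "__main__":
    for r in records_for_jobnet(read_audit_log(SAMPLE.splitlines()), "JOBNET01"):
        print(r["when"].isoformat(), r["operator"], r["op_type"], r["result"])
```

Matching on the parsed JOBNET value keeps records for JOBNET010 out of a review of JOBNET01, which a substring search in a text editor or spreadsheet filter would include.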

Examples of how to use audit logs when problems occur

When problems occur, checking the following records (in addition to the event log/syslog and job execution histories) can be a useful way to isolate the cause of problems.