|
|
The nbauditreport command lets you create and view a NetBackup audit report.
When auditing is configured in a NetBackup environment, the following user-initiated actions in NetBackup are recorded and available to view in an audit report:
This command only creates and displays the audit report. You must use the nbemmcmd -changesetting -AUDIT ENABLED and nbemmcmd -changesetting -AUDIT DISABLED commands to enable and disable auditing itself.
More information is available on auditing and audit reports.
See the Auditing NetBackup administration chapter of the NetBackup Administrator's Guide, Vol. I.
Specifies the type of information to be displayed in the audit report. The following are the possible values for this option:
The default condition, when none of the options is specified, is to display the audit report of all categories.
Specifies the output format of the audit report.
SUMMARY is the default condition (no option used). The audit report is a summary only. It displays the audit report in columnar format using the description, user, and timestamp headings.
DETAIL displays a comprehensive list of auditing information. For example, when a policy is changed, this view lists the name of the attribute, the old value, and the new value.
PARSABLE displays the same set of information as the DETAIL report but in a parsable format. The report uses the pipe character (|) as the parsing token between the audit report data.
Sets the start date/time (-sdate) or the end date/time (-edate) of the audit report data that you want to view. No time indication is necessary.
If the start date is specified and the end date is not, the displayed audit data is from the specified start time to the present. If the end date is specified and the start date is not, the displayed audit data is up to the present.
Displays the old and new values of a changed attribute on separate lines in the details section of the report. This option is used with the -fmt DETAIL option.
Specifies the order in which the information is displayed in the parsable format of the audit report. This option can be used only with the -fmt PARSABLE option. The D, T, and U designators represent the following parameters:
Specifies the page width for the details section of the audit report. This option is used with the -fmt DETAIL option.
Indicates the name of the user for whom you want to display audit information.
The following command displays all audit events that are reported from April 1, 2010 to the present.
# nbauditreport -sdate 04/01/10 USER DESCRIPTION TIMESTAMP Admin@entry Schedule 'test1' was added to Policy 'test1' 04/06/10 Admin@entry Audit setting(s) of master server 'server1' were modified 04/06/10 Admin@entry Audit setting(s) of master server 'server1' were modified 04/06/10 sys@server1 The nbaudit service on master server 'server1' was started 04/06/10 sys@server1 The nbaudit service on master server 'server1' was stopped 04/06/10 sys@server1 The nbaudit service on master server 'server1' was started 04/06/10 sys@server1 The nbaudit service on master server 'server1' was started 04/01/10 Audit records fetched: 7
The following command displays a detailed audit report for when Joe modified a set of policy attributes. Because the policy was changed only one time since 6/8/10, one audit record is retrieved.
# nbauditreport -fmt DETAIL -ctgy POLICY -sdate 6/8/10 DESCRIPTION: Attributes of Policy 'pol_stugrp' were modified USER: joe TIMESTAMP: 06/08/2010 19:14:25 CATEGORY: POLICY ACTION: MODIFY DETAILS: ATTRIBUTE OLD VALUE NEW VALUE 1 Proxy Client 2 Residence stu_grp 3 Collect TIR info 2 0 4 Checkpoint Restart 0 1 5 Checkpoint Interval 0 15 6 Data Mover Type 2 -1 7 Collect BMR Info 1 0 8 Policy Generation 1 2 Audit records fetched: 1
The DETAILS entry shows the old value and new value of all the attributes that Joe changed.