Displays all log entries matching some criteria.
tarantella query audit { --appapp
| --personperson
| --hosthost
| --filterfilter
} [ --serverarrayhost
] [ --format text|csv|xml ]
The following table shows the available options for this command.
Option | Description |
---|---|
| Displays log entries referring to a specific application. Use the object name for the application. |
| Displays log entries referring to a specific person. Use the object name for the person. |
| Displays log entries referring to a specific SGD server. Use the object name or a peer DNS name for the server. |
|
An RFC2254-compliant LDAP search filter to find matching
entries to display. Enclose the filter in quotes. You
can use the |
| Only show log entries from the specified SGD server. Use a peer DNS name. If you omit this option, log entries across the entire array are displayed. |
|
Specifies the output format. The default setting is
|
The output that you see depends on the Log Filter settings for
the array. To produce log entries for processing by this
command, make sure the Log Filter attribute on the Global
Settings → Monitoring tab in the Administration Console
includes at least one filter that outputs to a
.jsl
file.
The attributes you use in the filter are the log fields used in
the .jsl
log files. The following table lists
the commonly used attributes.
Field Name | Description |
---|---|
|
The logging component/sub-component/severity setting
used in the log filters. For example, to find entries
for a server/printing/* log filter, you can use a
|
|
The system date and time when the event took place. The
format is |
| The IP address of a client or server associated with an event. |
| The keyword for auditable events. |
| The peer DNS name of the SGD server where the event took place. |
| The process ID of the event. |
|
The type of security used on a connection,
|
| The system Coordinated Universal Time (UTC) time, in milliseconds, when the event took place. |
| The name of an object associated with an event. For example, starting an application session can record the name of the user, the application and the SGD server. |
A complete list of all the log fields is available in
the
/opt/tarantella/var/serverresources/schema/log.at.conf
schema file.
The following example displays all log entries for the UNIX system user indigo that were logged on the SGD server boston.example.com.
# tarantella query audit \ --person .../_user/indigo --server boston.example.com
The following example outputs all log entries that refer to the Write-o-Win application, in comma-separated values (CSV) format.
# tarantella query audit \ --app "o=applications/cn=Write-o-win" --format csv
The following example outputs all log errors that occurred on or after 23 October 2003 for the Write-o-Win application, in human-readable text format.
# tarantella query audit \ --filter "(&(log-category=*error*)(log-tfn-name=o=applications/cn=Write-o-win) \ (log-date>=2003/10/23 00:00:00.0))" \ --format text