Looking at the Audit Log File (asg_auditlog)

Use asg_auditlog to see the contents of the auditlog file. This log file contains an entry for each change made to the SGM configuration database with gclish or other commands. The auditlog file for each SGM is located in the /var/log directory.

The asg_auditlog command collects and summarizes the auditlog records from all SGMs. When the same action occurs on different SGMs within a configurable time window (default 5 seconds), the output shows it on one line, listing the SGMs on which it was seen. Such actions are considered global actions applicable to all SGMs. You can change the length of this time window with the -d parameter.

The log contains two types of activities:

Permanent - The activity permanently changes the configuration database on the SGM hard disk.

Transient - The activity changes the configuration database in SGM memory, which does not survive reboot.

Syntax

> asg_auditlog [-b <sgm_ids>] [-d <n>] [-tail [n]] [-f <filter>]

Parameter: Meaning

-b <sgm_ids>
  Works with the SGMs and/or Chassis specified by <sgm_ids>.
  <sgm_ids> can be:
  • No <sgm_ids> specified, or all: shows all SGMs and Chassis
  • One SGM
  • A comma-separated list of SGMs (1_1,1_4)
  • A range of SGMs (1_1-1_4)
  • One Chassis (Chassis1 or Chassis2)
  • The active Chassis (chassis_active)

-d <n>
  Number of seconds within which the same action occurring on different SGMs is shown on one output line. Default = 5 seconds.

-tail <n>
  Shows only the last n lines of the log file for each SGM. For example, -tail 3 shows only the last three lines of the specified log file. Default = 10 lines.

-f <filter>
  Word or phrase to use as an output filter. For example, -f t shows only transient changes.

Example - Show last lines

This example shows the last five activities (in this case, cpstop actions).

> asg_auditlog -tail 5
Feb  3 05:30:49 admin localhost p -command:cpstop t [1 Blades: 1_03]
Feb  3 05:30:49 admin localhost p -command:cpstop:description Stop\ Check\ Point\ products\ installed [1 Blades: 1_03]
Feb  3 05:30:49 admin localhost p +command:cpstop:description Global\ extension\ for\ cpstop [1 Blades: 1_03]
Feb  3 05:30:49 admin localhost p -command:cpstop:description Global\ extension\ for\ cpstop [1 Blades: 1_03]
Feb  3 05:30:49 admin localhost p -command:cpstop:path /bin/cpstop_start [1 Blades: 1_03]

Notes:

  • p + = Permanent action that added or changed an item in the configuration database.
  • p - = Permanent action that deleted an item in the configuration database.
  • t + = Transient action that added or changed an item in the configuration database in memory only.
  • t - = Transient action that deleted an item in the configuration database in memory only.
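The output format shown above is regular enough to parse for change review. The following is an added example, not part of Check Point's documentation or tooling: a parser for asg_auditlog output lines that classifies each record by the p/t and +/- markers, extracts the SGM list, keeps lines it cannot parse (such as output truncated by the terminal) instead of dropping them, and picks out the permanent deletions that should be reviewed first. The field layout is inferred from the lines on this page, and the sample log is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Aggregated asg_auditlog line: timestamp user host p|t +|-key [value] [N Blades: list]
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<user>\S+) (?P<host>\S+) "
    r"(?P<scope>[pt]) (?P<op>[+-])(?P<key>\S+)(?: (?P<value>.*?))? "
    r"\[(?P<count>\d+) Blades: (?P<blades>[^\]]*)\]$"
)

@dataclass
class AuditEntry:
    ts: str
    user: str
    scope: str            # "p" survives reboot (on disk), "t" lives in SGM memory only
    op: str               # "+" added or changed, "-" deleted
    key: str              # configuration database path, e.g. command:cpstop:path
    value: Optional[str]
    blades: List[str]     # SGMs the action was seen on, e.g. ["1_03"]

def parse_line(line: str) -> Optional[AuditEntry]:
    """Structured entry, or None when the line does not match the format (e.g. truncated)."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    blades = [b for b in m["blades"].split(",") if b]
    return AuditEntry(m["ts"], m["user"], m["scope"], m["op"], m["key"], m["value"], blades)

def parse_output(text: str):
    """Parse a whole dump; unparsable lines are returned separately, not silently dropped."""
    entries, unparsed = [], []
    for line in filter(str.strip, text.splitlines()):
        entry = parse_line(line)
        if entry: entries.append(entry)
        else: unparsed.append(line)
    return entries, unparsed

def permanent_deletions(entries: List[AuditEntry]) -> List[AuditEntry]:
    """'p -' records: on-disk deletions that stay gone across reboots."""
    return [e for e in entries if e.scope == "p" and e.op == "-"]

# Constructed sample in the page's output format (not a real log); last line deliberately truncated.
SAMPLE = """\
Feb  3 05:30:49 admin localhost p -command:cpstop t [1 Blades: 1_03]
Feb  3 05:30:49 admin localhost p -command:cpstop:description Stop\\ Check\\ Point\\ products\\ installed [1 Blades: 1_03]
Feb  3 05:30:49 admin localhost p +command:cpstop:description Global\\ extension\\ for\\ cpstop [1 Blades: 1_03]
Feb  3 15:21:51 admin localhost t +configurationSave t [2 Blades: 1_01,1_02]
Feb  3 15:24:29 admin localhost p +configurationSave t [5 Blades: 1_03,1_04,2_03,2_04,
"""
```

Feed it the captured output of asg_auditlog (for example, asg_auditlog -tail 50 redirected to a file) and review the entries that permanent_deletions returns, along with anything left in the unparsed list.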

Example - filter

This example shows only permanent configuration save actions.

> asg_auditlog -f p +configurationSave
Feb  3 15:21:51 admin localhost p +configurationSave t [2 Blades: 1_01,1_02]
Feb  3 15:21:58 admin localhost p +configurationSave t [2 Blades: 1_03,1_04]
Feb  3 15:22:03 admin localhost p +configurationSave t [3 Blades: 1_01,1_02,2_02]
Feb  3 15:22:08 admin localhost p +configurationSave t [4 Blades: 2_01,2_03,2_04,2_05]
Feb  3 15:24:23 admin localhost p +configurationSave t [2 Blades: 1_03,1_04]
Feb  3 15:24:24 admin localhost p +configurationSave t [2 Blades: 1_03,1_04]
Feb  3 15:24:29 admin localhost p +configurationSave t [5 Blades: 1_03,1_04,2_03,2_04,
Feb  3 15:24:30 admin localhost p +configurationSave t [4 Blades: 2_01,2_03,2_04,2_05]
Feb  3 15:24:35 admin localhost p +configurationSave t [2 Blades: 2_01,2_02]
Feb  3 15:24:36 admin localhost p +configurationSave t [1 Blades: 2_02]
Feb  3 15:24:44 admin localhost p +configurationSave t [2 Blades: 2_01,2_03]
Feb  3 15:24:51 admin localhost p +configurationSave t [2 Blades: 2_02,2_04]
Feb  3 15:24:56 admin localhost p +configurationSave t [1 Blades: 2_05]
©2014 Check Point Software Technologies Ltd. All rights reserved.