Looking at the Auditlog File (asg_auditlog)
Use the asg_auditlog command to see the contents of the auditlog file. This log file contains an entry for each change made to the SGM configuration database with gclish or other commands. The auditlog file for each SGM is located in the /var/log directory.
The asg_auditlog command collects and summarizes records from the SGMs. Actions that occur on different SGMs within n seconds of each other (default = 5) are shown on one output line. These are considered to be global actions applicable to all SGMs. You can change the number of seconds with the -d parameter.
The log contains two types of activities:
- The action permanently changes the configuration database on the SGM hard disk.
- The action changes the configuration database in SGM memory, which does not survive reboot.
Syntax
asg_auditlog [-b <sgm_ids>] [-d <n>] [-tail [number]] [-f filter]
| Parameter | Meaning |
| --- | --- |
| -b <sgm_ids> | Works with SGMs and/or Chassis as specified by <sgm_ids>. The <sgm_ids> can be: no <sgm_ids> specified, or all, which shows all SGMs and Chassis; one SGM; a comma-separated list of SGMs (1_1,1_4); a range of SGMs (1_1-1_4); one Chassis (Chassis1 or Chassis2); the active Chassis (chassis_active). |
| -d <n> | Number of seconds between the same actions that occur on different SGMs, which show on one output line. Default = 5 seconds. |
| -tail <n> | Show only the last n lines of the log file for each SGM. For example, -tail 3 shows only the last three lines of the specified log file. Default = 10 lines. |
| -f <filter> | Word or phrase to use as an output filter. For example, -f t shows only transient changes. |
Example - Show last lines
This example shows the last five activities, in this case, cpstop actions.
> asg_auditlog -tail 5
Feb 3 05:30:49 admin localhost p -command:cpstop t [1 Blades: 1_03]
Feb 3 05:30:49 admin localhost p -command:cpstop:description Stop\ Check\ Point\ products\ installed [1 Blades: 1_03]
Feb 3 05:30:49 admin localhost p +command:cpstop:description Global\ extension\ for\ cpstop 1 Blades: 1_03]
Feb 3 05:30:49 admin localhost p -command:cpstop:description Global\ extension\ for\ cpstop 1 Blades: 1_03]
Feb 3 05:30:49 admin localhost p -command:cpstop:path /bin/cpstop_start [1 Blades: 1_03]
Notes:
p + = Permanent action that added or changed an item in the configuration database.
p - = Permanent action that deleted an item in the configuration database.
t + = Transient action that added or changed an item in the configuration database in memory only.
t - = Transient action that deleted an item in the configuration database in memory only.
Example - filter
This example shows only permanent configuration save actions.
> asg_auditlog -f p +configurationSave
Feb 3 15:21:51 admin localhost p +configurationSave t [2 Blades: 1_01,1_02]
Feb 3 15:21:58 admin localhost p +configurationSave t [2 Blades: 1_03,1_04]
Feb 3 15:22:03 admin localhost p +configurationSave t [3 Blades: 1_01,1_02,2_02]
Feb 3 15:22:08 admin localhost p +configurationSave t [4 Blades: 2_01,2_03,2_04,2_05]
Feb 3 15:24:23 admin localhost p +configurationSave t [2 Blades: 1_03,1_04]
Feb 3 15:24:24 admin localhost p +configurationSave t [2 Blades: 1_03,1_04]
Feb 3 15:24:29 admin localhost p +configurationSave t [5 Blades: 1_03,1_04,2_03,2_04,
Feb 3 15:24:30 admin localhost p +configurationSave t [4 Blades: 2_01,2_03,2_04,2_05]
Feb 3 15:24:35 admin localhost p +configurationSave t [2 Blades: 2_01,2_02]
Feb 3 15:24:36 admin localhost p +configurationSave t [1 Blades: 2_02]
Feb 3 15:24:44 admin localhost p +configurationSave t [2 Blades: 2_01,2_03]
Feb 3 15:24:51 admin localhost p +configurationSave t [2 Blades: 2_02,2_04]
Feb 3 15:24:56 admin localhost p +configurationSave t [1 Blades: 2_05]
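The following is an added example, not Check Point code, showing one way to parse asg_auditlog output for change review: it splits each line into fields, lists permanent deletions, and flags lines whose blade list is cut off. The Record field names and the reading of the text after the item name as a value are assumptions; the sample lines are copied from the examples above.

```python
import re
from collections import namedtuple

# Field names are this example's own labels (assumption), not Check Point terms.
Record = namedtuple("Record", "ts user host scope op key value blades truncated")

# Tolerates the missing "[" and the cut-off blade list seen in the sample output.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<user>\S+)\s+(?P<host>\S+)\s+"
    r"(?P<scope>[pt])\s+(?P<op>[+-])(?P<body>.+?)\s+"
    r"\[?\s*(?P<count>\d+) Blades:\s*(?P<blades>[\d_,]*)\]?\s*$"
)

def parse_line(line):
    """Parse one asg_auditlog output line; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The item name has no spaces; spaces inside the value are escaped as "\ ".
    key, _, value = m["body"].partition(" ")
    blades = [b for b in m["blades"].split(",") if b]
    return Record(m["ts"], m["user"], m["host"], m["scope"], m["op"], key,
                  value.replace("\\ ", " "), blades,
                  truncated=len(blades) != int(m["count"]))

def permanent_deletions(lines):
    """Records that deleted an item from the on-disk configuration (p -)."""
    records = (parse_line(line) for line in lines)
    return [r for r in records if r and r.scope == "p" and r.op == "-"]

# Sample lines copied from the two examples on this page.
SAMPLE = r"""
Feb 3 05:30:49 admin localhost p -command:cpstop t [1 Blades: 1_03]
Feb 3 05:30:49 admin localhost p +command:cpstop:description Global\ extension\ for\ cpstop 1 Blades: 1_03]
Feb 3 05:30:49 admin localhost p -command:cpstop:path /bin/cpstop_start [1 Blades: 1_03]
Feb 3 15:24:29 admin localhost p +configurationSave t [5 Blades: 1_03,1_04,2_03,2_04,
""".strip().splitlines()

if __name__ == "__main__":
    for rec in permanent_deletions(SAMPLE):
        print(rec.ts, rec.user, "deleted", rec.key, "on", ",".join(rec.blades))
    for rec in filter(None, map(parse_line, SAMPLE)):
        if rec.truncated:
            print("blade list incomplete:", rec.ts, rec.key, rec.blades)
```

Lines marked truncated list fewer blades than the count in the brackets, so the full set of affected SGMs should be confirmed on the system before the change is treated as reviewed.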