Auditing Reference

Includes search criteria, field descriptions, and audit trail job usage options for configuring Alert and Security Audit Trails.

About Auditing Using Alert Auditing Using Security Auditing

Table of Contents

  1. Introduction
  2. Audit Trail Search Criteria
  3. Audit Trail Field Descriptions
  4. Schedule Alert Audit Trail Job Usage Options
  5. Schedule Security Audit Trail Job (Usage Options)

Introduction

This topic includes search criteria, field descriptions, and audit trail job usage options for configuring Alert and Security Audit Trails.

Audit Trail Search Criteria

The audit trail capability in the Policy Manager Monitor section allows you to select search criteria and retrieve data about add, modify, and delete actions that occur in the system activity using flexible search criteria options. You can focus the scope of a search to target a specific system action, username, object status, and date range or time range, and then browse search results.

Performing a search involves entering optional search criteria, receiving search results, and then performing a specific operation (if applicable) on audit data. The initial display of the Audit Trail Summary screen presents a list of all observed and unobserved objects associated with the current logged on user.

Search Criteria Option Description
Start Date End Date Start and End date fields that access a Calendar Pop-up. Date can be selected by using the arrow keys to navigate the Week, Month and Year. To select a date, click the date number (highlighted in red). The field display is automatically populated.
Start Time End Time Field displays that allows you to enter a Start and End Times. Time is entered using a 24-hour clock.
Action A text box that allows you to enter a specific action associated with add, modify, or delete operations performed in the system.
User A text box that allows you to filter audit trail search results based on a username identifier.
Observed A radio button that allows you to filter audit trail search results based on whether an audit item is configured with an Observed status.
Unobserved A radio button that allows you to filter audit trail search results based on whether an audit item is configured with an Unobserved status.
Both A radio button that allows you to filter audit trail search results based on whether an audit item is configured with an Observed and Unobserved status.
Filter A button that commits the specified search criteria and executes the Audit Trail Search.

back to top

Audit Trail Field Descriptions

The following table provides descriptions of the policy object information presented on the Audit Trail Details screen.

Field Name Description
Date Displays the date that the system object was created.
Username Displays the name of the user who will be using the Policy Manager application the system object is associated with.
Name Displays the name of the Policy Manager component that the system object is associated with.
Action Displays the system action associated with the specific system object.
Cascade List Displays the cascading routes associated with usage of the current system object.
Observed Date Displays the name of the user who will be using the Policy Manager application the system object is associated with.
Observed Username Displays the username of the individual that viewed at the Audit Trail.
Observed Name Displays the name of the individual that viewed at the Audit Trail.
Client Application Displays the name of the client application that was used when the Audit Trail was created.
Description Displays a detailed explanation of the reason the Audit Trail was created.

back to top

Schedule Alert Audit Trail Job—Usage Options

  • Minimum Required Options:
    • outfile <outfile>
  • Sample Program Call:
    • exportAlertAuditTrail -deleteFilteredData -outfile alaudit1_ -appendDateToFileName -filterStartDate 01-01-2014 -filterEndDate 04-24-2018
Option Description
appendDateToFileName Append Date to Filename
deleteFilteredData Delete Exported Data. (Deletes filtered alert audit trails only.)
filterStartDate (MM-DD-YYYY) Export data filter start date
filterStartTime (HH\:MM\:SS) Export data filter start date
filterEndDate (MM-DD-YYYY) Export data filter end date
filterEndTime (HH\:MM\:SS) Export data filter end date
outfile <outfile> This file will be exported to: {PM_HOME}/{ReleaseDirectory}\export. This option is required.
overrideExistingFile Overwrite Existing File

back to top

Schedule Security Audit Trail Job—Usage Options

  • Minimum Required Options:
    • outfile <outfile>
  • Sample Program Call:
    • exportSecurityAuditTrail -deleteFilteredData -outfile secaudit1_ -appendDateToFileName -filterStartDate 01-01-2000 -filterEndDate 04-24-2006
Option Description
appendDateToFileName Append Date to Filename
deleteFilteredData Delete Exported Data. (Deletes filtered alert audit trails only.)
filterStartDate (MM-DD-YYYY) Export data filter start date
filterStartTime (HH\:MM\:SS) Export data filter start time
filterEndDate (MM-DD-YYYY) Export data filter end date
filterEndTime (HH\:MM\:SS) Export data filter end time
outfile <outfile> This file will be exported to: {PM_HOME}/{ReleaseDirectory}\export. This option is required.
overrideExistingFile Overwrite Existing File

Back to top