Command Auditing Configuration

You can configure command auditing to record the commands in the Replication Server log, which is the default destination, or in any other destination file you provide. Use configure replication server with audit_enable to set auditing on or off:

configure replication server 
set audit_enable to {on|off}
Set audit_enable to on to enable command auditing. The default is off.
Optionally set audit_dest to specify the destination file for the command log: 
configure replication server
set audit_dest to ['log'|'filename']
You can set audit_dest if audit_enable is on. The default value for audit_dest is log, which is the Replication Server log. Specify a file name and path for any other destination. Ensure that the owner has read and write permissions for any file you specify in audit_dest. In UNIX, Replication Server creates the log file with 0600 permissions if the file does not already exist. If you create your own log file in UNIX with different permissions such as 0666, Replication Server retains your permissions. For example, to log commands to /tmp/RSaudit.log:
configure replication server
set audit_dest to '/tmp/RSaudit.log'

Example Messages in the Command Auditing Log

In the log file, "AUDIT" precedes the corresponding command or user action.
  • Command that executes successfully: 
    I. 2012/03/29 02:30:23. AUDIT: incoming command (issued by sa): sysadmin site_version
  • Command that fails to execute because the user lacks the required permissions: 
    I. 2012/03/29 02:31:46. AUDIT Command failed: SA permission required for:
I. 2012/03/29 02:31:46. AUDIT: incoming command (issued by user1): shutdown
  • Command that fails to execute for other reasons:
    I. 2012/03/29 03:18:15. AUDIT The following command batch has one or more failures:
I. 2012/03/29 03:18:15. AUDIT: incoming command (issued by sa): sysadmin badcommand
  • User who started Replication Server on a UNIX platform – 
    I. 2012/03/29 03:18:03. AUDIT: incoming command (issued by none): Repserver started by username: ny_admin1
  • Failed login attempt to Replication Server –
    I. 2012/03/22 02:12:52. AUDIT: Failed login attempt for user sa
  • A batch of commands that executes successfully:
    I. 2012/03/29 03:22:19. AUDIT: incoming command (issued by sa): create user user3 set password *********
I. 2012/03/29 03:22:19. AUDIT: incoming command (issued by sa): sysadmin site_version
  • A batch of commands with one command that fails to execute because the user lacks the required permissions:
    I. 2012/03/29 03:23:14. AUDIT Command failed: SA permission required for:
I. 2012/03/29 03:23:14. AUDIT: incoming command (issued by user1): admin who
I. 2012/03/29 03:23:14. AUDIT: incoming command (issued by user1): shutdown
  • A batch of commands with at least one command that fails to execute for other reasons:
    I. 2012/03/29 03:24:08. AUDIT The following command batch has one or more failures:
I. 2012/03/29 03:24:08. AUDIT: incoming command (issued by sa): sysadmin site_version
I. 2012/03/29 03:24:08. AUDIT: incoming command (issued by sa): sysadmin badcommand
Parent topic: Command Auditing