auditUtility auditReader command
Use the auditReader utility to decrypt and unsign an audit log that is encrypted, signed, or both. It is an action of the auditUtility command. Run the auditUtility auditReader command with parameters to decrypt and unsign logs.
Syntax
The command syntax is as follows:
auditUtility auditReader [options]
The
auditUtility auditReader command takes the location of a signed or encrypted
audit log and produces a readable audit log in JSON format as its output. The command supports only
the JKS
, PKCS12
, and JCEKS
keystore types.
The auditUtility auditReader command must specify the location of the audit log to be read and the location of the output file.
If the audit log file is encrypted, the command must specify the keystore type and password of the keystore that stores the certificate that is used to encrypt the log. If the keystore for decrypting the audit log is in a path other than the path shown in the audit log header, then the command must also specify the location of the keystore that is used to encrypt the log.
If the audit log file is signed, the command must specify the keystore type and password of the keystore that stores the certificate that is used to sign the log. If the keystore for unsigning the audit log is in a path other than the path shown in the audit log header, then the command must specify the location of the keystore that is used to sign the log.
Options
- --auditFileLocation=[location of encrypted, signed, or encrypted and signed audit log]
- Specify the fully qualified location of the audit log to decrypt and unsign.
- --outputFileLocation=[location of resulting decrypted and unsigned audit log]
- Specify the fully qualified location of the resulting output log.
- --debug=[true|false]
- Optional. Specify
true
to enable trace. Debug is disabled by default.
- --encrypted=[true|false]
- Specify
true
if the audit log is encrypted andfalse
if it is not encrypted. - --encKeyStoreLocation=[keystore URL]
- Specify the fully qualified file URL location of the keystore that stores the certificate that is used to decrypt the audit records.
- --encKeyStorePassword=[password]
- Specify the password for the keystore that contains the certificate that is used to decrypt the audit records.
- --encKeyStoreType=[JKS|JCEKS|PKCS12]
- Specify the type of the encryption keystore. Supported keystore types are
JKS
,JCEKS
, andPKCS12
.
- --signed=[true|false]
- Specify
true
if the audit log is signed andfalse
if it is not signed. - --signingKeyStoreLocation=[keystore URL]
- Specify the fully qualified file URL location of the keystore that stores the certificate that is used to unsign the audit records.
- --signingKeyStorePassword=[password]
- Specify the password for the keystore that contains the certificate that is used to unsign the audit records.
- --signingKeyStoreType=[JKS|JCEKS|PKCS12]
- Specify the type of the signing keystore. Supported keystore types are
JKS
,JCEKS
, andPKCS12
.
Usage
The following examples demonstrate correct syntax:
auditUtility help
auditUtility auditReader
--auditFileLocation=c:/LibertyInstall/dev/build.image/wlp/usr/servers/myserver/logs/audit.log
--outputFilelocation=c:/decryptedAuditLogs/decrypted_audit.log
--encrypted=true
--encKeyStoreLocation=c:/LibertyInstall/dev/build.image/wlp/usr/server/myserver/mykeystore.jks
--encKeyStorePassword=Liberty
--encKeyStoreType=JKS
auditUtility auditReader
--auditFileLocation=c:/LibertyInstall/dev/build.image/wlp/usr/servers/myserver/logs/audit.log
--outputFilelocation=c:/unsignedAuditLogs/unsigned_audit.log
--signed=true
--signingKeyStoreLocation=c:/LibertyInstall/dev/build.image/wlp/usr/server/myserver/mySiginingKeystore.PKCS12
--signingKeyStorePassword=Liberty
--signingKeyStoreType=PKCS12
auditUtility auditReader
--auditFileLocation=c:/LibertyInstall/dev/build.image/wlp/usr/servers/myserver/logs/audit.log
--outputFilelocation=c:/decryptedeAndUnsignedAuditLogs/decryptedAndUnsigned_audit.log
--encrypted=true
--encKeyStoreLocation=c:/LibertyInstall/dev/build.image/wlp/usr/server/myserver/mykeystore.jks
--encKeyStorePassword=Liberty
--encKeyStoreType=JKS
--signed=true
--signingKeyStoreLocation=c:/LibertyInstall/dev/build.image/wlp/usr/server/myserver/mySiginingKeystore.PKCS12
--signingKeyStorePassword=Liberty
--signingKeyStoreType=PKCS12