auditUtility auditReader command

Use the auditReader utility to decrypt and unsign an audit log that is encrypted, signed, or both. It is an action of the auditUtility command. Run the auditUtility auditReader command with parameters to decrypt and unsign logs.

Syntax

The command syntax is as follows:

auditUtility auditReader [options]

The auditUtility auditReader command takes the location of a signed or encrypted audit log and produces a readable audit log in JSON format as its output. The command supports only the JKS, PKCS12, and JCEKS keystore types.

The auditUtility auditReader command must specify the location of the audit log to be read and the location of the output file.

If the audit log file is encrypted, the command must specify the keystore type and password of the keystore that stores the certificate that is used to encrypt the log. If the keystore for decrypting the audit log is in a path other than the path shown in the audit log header, then the command must also specify the location of the keystore that is used to encrypt the log.

If the audit log file is signed, the command must specify the keystore type and password of the keystore that stores the certificate that is used to sign the log. If the keystore for unsigning the audit log is in a path other than the path shown in the audit log header, then the command must specify the location of the keystore that is used to sign the log.

Options

The following options are available for the auditUtility auditReader command.

--auditFileLocation=[location of encrypted, signed, or encrypted and signed audit log]: Specify the fully qualified location of the audit log to decrypt and unsign.
--outputFileLocation=[location of resulting decrypted and unsigned audit log]: Specify the fully qualified location of the resulting output log.
--debug=[true|false]: Optional. Specify true to enable trace. Debug is disabled by default.

For decrypting, include the following encryption options.

--encrypted=[true|false]: Specify true if the audit log is encrypted and false if it is not encrypted.
--encKeyStoreLocation=[keystore URL]: Specify the fully qualified file URL location of the keystore that stores the certificate that is used to decrypt the audit records.
--encKeyStorePassword=[password]: Specify the password for the keystore that contains the certificate that is used to decrypt the audit records.
--encKeyStoreType=[JKS|JCEKS|PKCS12]: Specify the type of the encryption keystore. Supported keystore types are JKS, JCEKS, and PKCS12.

For unsigning, include the following signing options.

--signed=[true|false]: Specify true if the audit log is signed and false if it is not signed.
--signingKeyStoreLocation=[keystore URL]: Specify the fully qualified file URL location of the keystore that stores the certificate that is used to unsign the audit records.
--signingKeyStorePassword=[password]: Specify the password for the keystore that contains the certificate that is used to unsign the audit records.
--signingKeyStoreType=[JKS|JCEKS|PKCS12]: Specify the type of the signing keystore. Supported keystore types are JKS, JCEKS, and PKCS12.

Usage

The following examples demonstrate correct syntax:

auditUtility help
auditUtility auditReader
  --auditFileLocation=c:/LibertyInstall/dev/build.image/wlp/usr/servers/myserver/logs/audit.log
  --outputFilelocation=c:/decryptedAuditLogs/decrypted_audit.log
  --encrypted=true
  --encKeyStoreLocation=c:/LibertyInstall/dev/build.image/wlp/usr/server/myserver/mykeystore.jks
  --encKeyStorePassword=Liberty
  --encKeyStoreType=JKS
auditUtility auditReader
  --auditFileLocation=c:/LibertyInstall/dev/build.image/wlp/usr/servers/myserver/logs/audit.log
  --outputFilelocation=c:/unsignedAuditLogs/unsigned_audit.log
  --signed=true
  --signingKeyStoreLocation=c:/LibertyInstall/dev/build.image/wlp/usr/server/myserver/mySiginingKeystore.PKCS12
  --signingKeyStorePassword=Liberty
  --signingKeyStoreType=PKCS12
auditUtility auditReader
  --auditFileLocation=c:/LibertyInstall/dev/build.image/wlp/usr/servers/myserver/logs/audit.log
  --outputFilelocation=c:/decryptedeAndUnsignedAuditLogs/decryptedAndUnsigned_audit.log
  --encrypted=true
  --encKeyStoreLocation=c:/LibertyInstall/dev/build.image/wlp/usr/server/myserver/mykeystore.jks
  --encKeyStorePassword=Liberty
  --encKeyStoreType=JKS
  --signed=true
  --signingKeyStoreLocation=c:/LibertyInstall/dev/build.image/wlp/usr/server/myserver/mySiginingKeystore.PKCS12
  --signingKeyStorePassword=Liberty
  --signingKeyStoreType=PKCS12