By using the auditing capability, you can capture significant events occurring in your IBM® Tivoli® Monitoring environment. You can also record these events in permanent storage for later retrieval and analysis. Each audit record fully describes some event that has changed the state of your IBM Tivoli Monitoring system.
These auditing and logging records can be stored in the Tivoli Data Warehouse. Standard reports are provided via the Tivoli Common Reporting feature.
The auditing facility covers the self-describing agents (including their auto-refresh feature), actions of the Warehouse Proxy Agent, EIF-SSL connections, automated Take Action commands, and the integration of IBM Tivoli Monitoring with Tivoli Application Dependency Discovery Manager.
Supported platforms include Windows, Linux, UNIX, IBM i, and z/OS® systems.
In the Managed System Status workspace you can right-click your monitoring components and select Audit Log to view component-specific collected audit log information. You can then create situations against the ITM Audit table to monitor audited events and collect audit data historically in the Tivoli Data Warehouse.
When examining audit information look for Results with non-zero values. A value of 0 indicates success. Creating situations that monitor for records that have non-zero value Results can help filter out general information messages.
The Tivoli Enterprise Portal User's Guide contains more information about the ITM Audit attribute group and workspace. For information about the Audit Log workspace and how to enable historical collection for the ITM Audit attribute group, see Managed System Status workspace. For attribute definitions, see ITM Audit attributes.
The log file can be used by a third-party product to parse and evaluate the audit information. Use the provided SAPM DTD to assist you with third-party products. The DTD is provided on the IBM Tivoli Monitoring Tools DVD in the XML directory; see the SAPMAudit.dtd file.
Full event name | Short name (displayed in logs) | Description |
---|---|---|
Authorization Checking | CHECKING | Events related to checking whether a user has permission to perform a particular operation or event. |
Authentication Validation | VALIDATE | Events related to authenticating the identify of the user or entity. |
Contextual Event | CONTEXT | Any other event that might occur contextually within an application. |
Object Maintenance | OBJMAINT | Events related to changing an object such as updating, deleting, creating, or moving any IBM Tivoli Monitoring object or table. |
System Administration | SYSADMIN | Events related to program startup and shutdown, audit and authorization system changes, configuration changes, table creation, and data synchronization configuration. |
Security Maintenance | SECMAINT | Events related to granting or revoking privileges. |