Auditlogging

Use the auditlogging option to generate an audit log that contains an entry for each file that is processed during an incremental, selective, archive, restore, or retrieve operation.

The audit log can be configured to capture either a basic level of information or a more inclusive (full) level of information.

The basic level of the audit logging feature captures the information that is in the schedule log and it records information that a file has been backed up, archived, updated, restored, retrieved, expired, deleted, skipped or failed during an incremental backup, selective backup, archive, restore or retrieve operation. In addition, the basic level of audit logging captures the input command for commands run through the backup-archive command line or scheduler clients.

The full level of audit logging records an action for each file that is processed by the backup-archive client. In addition to all of the events recorded by the basic level of audit logging, the full level of audit logging records information for a file that has been excluded or not sent during a progressive incremental backup operation because the file had not changed.

The following is an example of the messages that are issued when the audit log is configured to capture the basic level of information:

AIX, HP-UX, Linux, Oracle Solaris, and Mac OS X operating systems:
04/21/07 15:25:05 ANS1650I Command: 
  sel /home/spike/test/*
04/21/07 15:25:05 ANS1651I Backed Up: 
  /home/spike/test/file.txt                    
04/21/07 15:25:05 ANS1652I Archived: 
  /home/spike/test/file.txt                     
04/21/07 15:25:05 ANS1653I Updated: 
  /home/spike/test/file.txt                      
04/21/07 15:25:05 ANS1654E Failed: 
  /home/spike/test/file.txt                      
04/21/07 15:25:05 ANS1655I Restored: 
  /home/spike/test/file.txt                     
04/21/07 15:25:05 ANS1656I Retrieved: 
  /home/spike/test/file.txt                    
04/21/07 15:25:05 ANS1657I Expired: 
  /home/spike/test/file.txt                     
04/21/07 15:25:05 ANS1658I Deleted: 
  /home/spike/test/file.txt                     
04/21/07 15:25:05 ANS1659I Skipped: 
  /home/spike/test/file.txt                     
Windows operating systems:
04/21/07 15:25:05 ANS1650I Command: 
  sel c:\test\file.txt 
04/21/07 15:25:05 ANS1651I Backed Up: 
  \\spike\c$\test\file.txt                    
04/21/07 15:25:05 ANS1652I Archived: 
  \\spike\c$\test\file.txt                     
04/21/07 15:25:05 ANS1653I Updated: 
  \\spike\c$\test\file.txt                      
04/21/07 15:25:05 ANS1654E Failed: 
  \\spike\c$\test\file.txt                      
04/21/07 15:25:05 ANS1655I Restored: 
  \\spike\c$\test\file.txt                     
04/21/07 15:25:05 ANS1656I Retrieved: 
  \\spike\c$\test\file.txt                    
04/21/07 15:25:05 ANS1657I Expired: 
  \\spike\c$\test\file.txt                      
04/21/07 15:25:05 ANS1658I Deleted: 
  \\spike\c$\test\file.txt                      
04/21/07 15:25:05 ANS1659I Skipped: 
  \\spike\c$\test\file.txt

AIX, HP-UX, Linux, Oracle Solaris, and Mac OS X operating systems: The following messages can be issued when the audit log is configured to capture the full level of information (in addition to all messages issued for the basic level of audit logging):

AIX, HP-UX, Linux, Oracle Solaris, and Mac OS X operating systems:
04/21/07 15:25:05 ANS1660I Excluded: 
  /home/spike/test/file.txt
04/21/07 15:25:05 ANS1661I Unchanged: 
  /home/spike/test/file.txt

Windows operating systems: The following is an example of the messages that are issued when the audit log is configured to capture the full level of information (in addition to all messages issued for the basic level of audit logging):

Windows operating systems:
04/21/07 15:25:05 ANS1660I Excluded: 
  \\spike\c$\test\file.txt                      
04/21/07 15:25:05 ANS1661I Unchanged: 
  \\spike\c$\test\file.txt

The audit log is not a substitute or a replacement for the standard error log (dsmerror.log) or for the schedule log (dsmsched.log). If an error occurs that prevents a file from being processed, a message indicating that an error has occurred is written to the audit log, but the message will not indicate the nature of the error. For problem diagnostics the standard error log must still be used.

The audit log entries only contain a time stamp and object name. There is no information to distinguish between files and directories or any information about the size of an object.

Mac OS X operating systems: The Mac OS X backup-archive client creates the audit log as a Unicode (UTF-16) file.

Windows operating systems: When using the Windows backup-archive client, all object names are written in the UNC format. The Windows backup-archive client creates the audit log as a Unicode file.

By default, the name of the audit log is dsmaudit.log and it is contained in the same directory as the error log, dsmerror.log. The name and location of the audit log can be configured using the auditlogname option. There are no parameters to control the size of the audit log or to prune the audit log. The auditlogname option cannot be set as an option in a Tivoli® Storage Manager server client options set.

Mac OS X operating systems: The auditlogging option is supported with backup commands that interact with file-level objects, such as backup groups.

AIX, HP-UX, Linux, and Oracle Solaris operating systems: The auditlogging option is not supported with backup commands that interact with image-level objects, such as backup image or restore image. The auditlogging option is supported with backup commands that interact with file-level objects, such as backup groups.

Windows operating systems: The auditlogging option is not supported with backup commands that interact with image-level objects, such as backup image or restore image. The auditlogging option is supported with backup commands that interact with file-level objects, such as backup groups and backup systemstate.

If you have enabled audit logging for an operation and there is a failure trying to write to the audit log (for example, the disk on which the audit log resides is out of space), the audit logging is disabled for the rest of the operation and the return code for the operation is set to 12, regardless of the outcome of the operation.

Supported Clients

This option is valid for all clients.

Options File

Windows operating systems: Place this option in the dsm.opt file.

AIX, HP-UX, Linux, Oracle Solaris, and Mac OS X operating systems: Place this option in the dsm.sys file within a server stanza.

Syntax

                 .-off---.   
>>-AUDITLOGGing--+-------+-------------------------------------><
                 +-basic-+   
                 '-full--'   

Parameters

off
Specifies that the audit logging facility is not engaged. This is the default.
basic
Specifies that the audit log captures a basic level of information.
full
Specifies that the audit log captures a more extensive level of information.

Examples

Run an incremental backup with audit logging enabled.

Command line:
dsmc i -auditlogging=basic

Back up a list of files using the maximum level of auditing, which enables a separate application, such as a Perl script, to verify the results.

Windows operating systems:
dsmc i -filelist=file.lst -auditlogging=full -auditlogname="c:\program files\tivoli\tsm\baclient\temp_audit001.log"
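
The verification that the last example leaves to a separate application can be done by parsing the two-line entry format shown in the message examples and comparing it with the file list. The following Python code is an added example, not part of the product or its documentation; the function names, the BOM-based UTF-16 detection, the choice of actions counted as protected, and the sample log are assumptions constructed for illustration.

```python
import re

# Entry header: "MM/DD/YY HH:MM:SS ANSnnnnX Action:"; the object name is on the next, indented line.
HEADER = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (ANS\d{4}[A-Z]) ([^:]+):\s*$")
# Assumption: these actions, taken from the page's message examples, count as "file is protected".
PROTECTED = {"Backed Up", "Updated", "Unchanged"}

def decode_log(raw: bytes) -> str:
    """Windows and Mac OS X clients write UTF-16; a BOM, and UTF-8 elsewhere, are assumptions."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def parse_audit(text: str):
    """Yield (timestamp, message_id, action, object_name) for each two-line entry."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = HEADER.match(lines[i])
        if m and i + 1 < len(lines) and lines[i + 1][:1] in (" ", "\t"):
            yield (*m.groups(), lines[i + 1].strip())
            i += 2
        else:
            i += 1  # skip truncated or unrelated lines instead of failing

def verify(expected, entries):
    """Return {path: 'ok' | 'missing' | last non-protecting action} for each expected path."""
    last = {}
    for _ts, _msg, action, name in entries:
        if action != "Command":   # ANS1650I records the command, not a file
            last[name] = action   # the latest entry for an object wins
    report = {}
    for path in expected:
        action = last.get(path)
        if action is None:
            report[path] = "missing"
        elif action in PROTECTED:
            report[path] = "ok"
        else:
            report[path] = action.lower()
    return report

# Constructed sample in the page's message format, encoded as a UTF-16 log.
SAMPLE = (
    "04/21/07 15:25:05 ANS1650I Command: \n  i -filelist=file.lst\n"
    "04/21/07 15:25:05 ANS1651I Backed Up: \n  /home/spike/test/a.txt\n"
    "04/21/07 15:25:05 ANS1661I Unchanged: \n  /home/spike/test/b.txt\n"
    "04/21/07 15:25:06 ANS1654E Failed: \n  /home/spike/test/c.txt\n"
).encode("utf-16")
```

On Windows the expected names must be given in the UNC form that the client writes to the log. Because a failed write to the audit log disables audit logging for the rest of the operation and sets return code 12, evaluate "missing" results together with the return code of the operation.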