Secure Global Desktop 4.31 Administration Guide: The tarantella query audit command

```
tarantella query audit { --app app | --person person | --host host | --filter filter } [ --server arrayhost ] [ --format text|csv|xml ]
```
Displays all log entries matching some criteria.
Note: The output that you see depends on the Log Filter settings for the array. To produce log entries for processing by this command, make sure the Log Filter attribute on the Array properties panel of Array Manager includes at least one filter that outputs to a .jsl file.
Option | Description |
---|---|
--app app | Displays log entries referring to a specific application. Use a TFN name for app. |
--person person | Displays log entries referring to a specific person. Use a TFN name for person. |
--host host | Displays log entries referring to a specific host. Use a TFN name or a peer DNS name for host. |
--filter filter | An RFC2254-compliant LDAP search filter to find matching entries to display. Enclose the filter in quotes. You can use the "=", "~=", "<=" and ">=" matching rules in the filter. |
--server arrayhost | Only show log entries from the array member arrayhost (use a peer DNS name). If you omit --server, log entries across the entire array are displayed. |
--format text\|csv\|xml | Specifies the output format (default: text). If you select the text format, Secure Global Desktop formats the log output so that it is easy to read on screen, but it does not show every detail logged. Using the csv format shows every detail logged, but it is only suitable for outputting to a file. |
The attributes you use in the filter are the log fields used in the .jsl log files. The table below lists the commonly used attributes.
Field name | Description |
---|---|
log-category | This is the logging component/sub-component/severity setting used in the log filters. For example, to find entries for a server/printing/* log filter, you could use a "(log-category=*printing*)" filter. |
log-date | The system date and time when the event took place. The format is yyyy/MM/dd HH:mm:ss.SSS. |
log-ip-address | The IP address of a client or server associated with an event. |
log-keyword | The keyword for auditable events. See Using log filters for auditing for details. |
log-localhost | The peer DNS name of the Secure Global Desktop server where the event took place. |
log-pid | The process ID of the event. |
log-security-type | The type of security used on a connection, std or ssl. |
log-systime | The system time in milliseconds (UTC time) when the event took place. |
log-tfn-name | The TFN name of an object associated with an event. For example, starting an application (emulator) session may record the TFN name of the user, the application and the host. |

Note: A complete list of all the log fields is available in the /opt/tarantella/var/serverresources/schema/log.at.conf schema file.
```
tarantella query audit \
  --person .../_user/indigo \
  --server boston.indigo-insurance.com
```
Displays all log entries for the UNIX user indigo that were logged on the Secure Global Desktop array member boston.indigo-insurance.com.
```
tarantella query audit \
  --app ".../_ens/o=Indigo Insurance/cn=Write-o-win" \
  --format csv
```
Outputs all log entries that refer to the Write-o-Win application, in CSV (comma-separated values) format.
```
tarantella query audit \
  --filter "(&(log-category=*error*)(log-tfn-name=.../_ens/o=Indigo Insurance/cn=Write-o-win)(log-date>=2003/10/23 00:00:00.0))" \
  --format text
```
Outputs all log errors that occurred on or after 23 October 2003 for the Write-o-Win application, in human-readable text format.
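When the --filter value is assembled by a script from an object name or a date supplied elsewhere, characters such as "(", ")" and "*" in that value change what the filter matches. The following is an added example, not part of the original guide: the function names and the sample TFN name are hypothetical, and it assumes Secure Global Desktop honours the RFC 2254 "\xx" escapes implied by the filter's stated RFC 2254 compliance.

```shell
#!/bin/sh
# Added example: build a --filter value for "tarantella query audit" safely.

# Escape a literal value per RFC 2254: \ * ( ) become \5c \2a \28 \29.
# The backslash is handled first so later escapes are not double-escaped.
rfc2254_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# build_audit_filter CATEGORY_PATTERN TFN_NAME SINCE_DATE
#   CATEGORY_PATTERN  operator-written pattern, wildcards kept (e.g. *error*)
#   TFN_NAME          literal object name, escaped before use
#   SINCE_DATE        must follow the log-date format yyyy/MM/dd HH:mm:ss.SSS
build_audit_filter() {
    category=$1
    tfn=$(rfc2254_escape "$2")
    since=$3
    head=${since%.*}    # date and time up to the seconds
    frac=${since##*.}   # fractional seconds
    case $head in
        [0-9][0-9][0-9][0-9]/[0-9][0-9]/[0-9][0-9]' '[0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;;
        *) echo "rejected log-date: $since" >&2; return 1 ;;
    esac
    case $frac in
        ''|*[!0-9]*) echo "rejected log-date: $since" >&2; return 1 ;;
    esac
    printf '(&(log-category=%s)(log-tfn-name=%s)(log-date>=%s))' \
        "$category" "$tfn" "$since"
}

# Constructed sample input: a TFN name containing filter metacharacters.
sample_tfn='.../_ens/o=Indigo Insurance/cn=Write-o-win (v2)'
filter=$(build_audit_filter '*error*' "$sample_tfn" '2003/10/23 00:00:00.0') &&
    printf 'tarantella query audit --filter "%s" --format csv\n' "$filter"
```

The script only prints the command line it would run; a rejected date makes build_audit_filter return non-zero, so nothing is printed.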
Copyright © 1997-2007 Sun Microsystems, Inc. All rights reserved.