Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 8 Auditing Accesses : Querying the Data

Querying the Data
A query of the audit log provides you with a tabular view of the data. This data is filtered through a selected filter so that only predefined occurrences appear.
To query the data, you can use a predefined filter or create a new filter that better suits your needs.
Using a Predefined Query Filter
To query a specific set of data, complete the following steps:
1.
Type Q in the line command field of the filter that you want to use.
2.
This displays a listing of accesses that meet the selection criteria specified in the filter, similar to the screen below.
Query Screen (first 80 columns shown)

 
COMMAND==> Scroll: P
------------------------------------------------------------------------------
Audit Log - OBJECT_ACCESS
------------------------------------------------------------------------------
Dates Ranging From: 20000310 To: 20000310
Date Time Message
------ -------- --------------------------------------------------------------
20000310 09:45:38 View definition access to TABLE IDM by USR51 denied
20000310 09:46:41 Create definition of TABLE IDM51 by USR51
20000310 09:48:08 View definition access to TABLE MSG_OLD_BKUP by USR52 denied
20000310 09:49:05 Create definition of TABLE BKUP_MESSAGES by USR50
20000310 09:53:47 Create definition of TABLE MSG_OLD_BKUP by USR50
20000310 09:54:06 Delete definition of TABLE IDM51 by USR51
20000310 09:55:52 Create definition of TABLE BKUP_MESSAGES by USR50
20000310 10:06:08 Replace access to TABLE FIELDS( @SLK_COLUMN ) by USR31
20000310 10:06:08 Replace access to TABLE FIELDS( @SLK_COLUMN ) by USR31
20000310 10:08:02 Replace access to TABLE @PROM_OBJ( LOC01 ) by USR01
20000310 10:08:02 Replace access to TABLE @PROM_INFO( LOC01 ) by USR01
20000310 10:08:03 Insert access to TABLE @PROM_AUDIT( LOC01 ) by USR01
20000310 10:08:03 Replace access to TABLE @PROM_OBJ( LOC01 ) by USR01
PFKEYS: 1=HELP 3=END 5=FIND NEXT 9=RECALL 12=END 13=PRINT 4=HIGHLIGHT FAILURES

 
Types of Data Displayed
Each filter is used to display a specific set of data. The initial display is sorted by date and time, with the current date displayed. You can browse the data, select, and re-order it to suit your requirements.
The screen displays the following types of information. Use PF11 to display the additional fields. This information is also used to produce the displayed messages.
The message issued when the access took place. The message is in the following format:
Activity of Object_Type Object by User [denied] [details]
The user ID of the user performing the access.
Modifying the Display of Data
To modify the range of dates used for the data, enter new date ranges in the Dates Ranging From field, using the format yyyymmdd. You can also specify an asterisk (*) as a wildcard character to represent an entire date:
An asterisk in the Dates Ranging From field means the earliest date in the access log.
An asterisk in the Dates Ranging To field means yesterday’s date.
A blank in either date field defaults to the current date.
To select and order this data, use the primary commands described when you press PF1. A description of the available PF keys is also provided when you press PF1.
When you are selecting on a specific field, ensure that you include the underscore character in a field with a compound name. For example, if you want to do a selection on Object Classification, specify object_classfctn.

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved