| Author |
Message
|
| issac |
 Posted: Thu Jun 12, 2014 9:24 pm Post subject: How to audit WMB V8.0 administration? |
 |
|
Disciple
Joined: 02 Oct 2008
Posts: 158
Location: Shanghai
|
Hello, experts
We have a tension test environment, which needs accessibility from a variety of developers. But it's too bad that there's always someone who stops 1 or 2 execution groups and forget to start it. It keeps happening on and on, no one admits it.
How can I audit which user id/ip/anything else for identification on the host? I tried:
1. syslog, it doesn't help, there's only hostname/timestamp/msg, no user id nor ip...
2. event log. It has user id for deployment actions. But I care more for stop/start eg actions
3.activity log. doesn't help at all.
I read through the infocenter, and can't find the topic. It seems that the mb lab cares more for auditing msg flows, but not for administration. Security of the broker cares more for authenticating user, but seems ignoring auditing their actions.
So what's your advice? Please help.
_________________
Bazinga! |
|
| Back to top |
|
 |
| Esa |
| Posted: Thu Jun 12, 2014 10:48 pm Post subject: |
|
|
Grand Master
Joined: 22 May 2008
Posts: 1387
Location: Finland
|
| I hope you find this helpful. |
|
| Back to top |
|
|
| issac |
| Posted: Fri Jun 13, 2014 12:46 am Post subject: |
|
|
Disciple
Joined: 02 Oct 2008
Posts: 158
Location: Shanghai
|
Thanks for the info. But Event Log (Administration Log) doesn't help regarding EG starting/stopping.
It has user id when you deploy a bar, but it doesn't have user id when EG is started/stopped. It just says a configuration msg is received by the EG.
_________________
Bazinga! |
|
| Back to top |
|
|
| Esa |
| Posted: Fri Jun 13, 2014 1:00 am Post subject: |
|
|
Grand Master
Joined: 22 May 2008
Posts: 1387
Location: Finland
|
Really?
This is what I see in my admin log:
| Code: |
2014-06-13 11:52:27.143 EEST: [BIPmsgs:2871]BIP2871I: The request made by user 'Esa' to 'stop' the resource 'KUKKUU' of type 'ExecutionGroup' on parent 'BROKER8' of type 'Broker' has the status of 'COMPLETE'. : Administration Result
2014-06-13 11:52:30.767 EEST: [BIPmsgs:2880]BIP2880I: The property 'processId' has changed from '10428' to '0' on object 'KUKKUU' of type 'ExecutionGroup' with parent 'BROKER8' of type 'Broker'. : Change Notification
2014-06-13 11:54:33.785 EEST: [BIPmsgs:2871]BIP2871I: The request made by user 'Esa' to 'start' the resource 'KUKKUU' of type 'ExecutionGroup' on parent 'BROKER8' of type 'Broker' has the status of 'INITIATED'. : Administration Request
2014-06-13 11:54:34.141 EEST: [BIPmsgs:2880]BIP2880I: The property 'object.runstate' has changed from 'stopped' to 'running' on object 'KUKKUU' of type 'ExecutionGroup' with parent 'BROKER8' of type 'Broker'. : Change Notification
2014-06-13 11:54:34.124 EEST: [BIPmsgs:2871]BIP2871I: The request made by user 'Esa' to 'start' the resource 'KUKKUU' of type 'ExecutionGroup' on parent 'BROKER8' of type 'Broker' has the status of 'COMPLETE'. : Administration Result |
|
|
| Back to top |
|
|
| issac |
| Posted: Fri Jun 13, 2014 1:18 am Post subject: |
|
|
Disciple
Joined: 02 Oct 2008
Posts: 158
Location: Shanghai
|
Ahahaha!!!
Sorry for my being so stupid. I re-read my event log and it's really there.
But is there some config to make mb store more event log entries? It seems that the event log is rolled away rather quickly.
_________________
Bazinga! |
|
| Back to top |
|
|
| Esa |
| Posted: Fri Jun 13, 2014 1:25 am Post subject: |
|
|
Grand Master
Joined: 22 May 2008
Posts: 1387
Location: Finland
|
Yes,
you can use CMP API and write a java program that registers a listener to the admin log. That's in fact how I created my admin log, if you wondered why it looks a bit different.
The listener can store the entries in files or a database or even forward them to a centralized audit log if you have one. |
|
| Back to top |
|
|
| issac |
| Posted: Fri Jun 13, 2014 1:31 am Post subject: |
|
|
Disciple
Joined: 02 Oct 2008
Posts: 158
Location: Shanghai
|
Wow, cool. I'm reading the infocenter for details of the monitor. I'll write one too. Thanks very much! 
_________________
Bazinga! |
|
| Back to top |
|
|
| issac |
| Posted: Fri Jun 13, 2014 5:52 pm Post subject: |
|
|
Disciple
Joined: 02 Oct 2008
Posts: 158
Location: Shanghai
|
Hello, expert, I'm trying to set up my listener. I copied almost every part of the CMPExerciser, monitoring of other administeredobject is working, exception for the log:
| Code: |
public void processActionResponse(AdministeredObject affectedObject, CompletionCodeType ccType, java.util.List<LogEntry> bipMessages, Properties referenceProperties) {
Plog.enter2(getClass().getName() + ".processActionResponse(...)");
try {
DevLog.info("affectedObject = " + affectedObject);
DevLog.info("completionCode = " + ccType);
// Display any BIPs
ListIterator<LogEntry> msgs = bipMessages.listIterator();
while (msgs.hasNext()) {
LogEntry log = msgs.next();
DevLog.info(ResourcesHandler.getNLSResource(ResourcesHandler.LOG_ENTRY) + " " + log);
}
// Display the reference properties
Enumeration<Object> e = referenceProperties.keys();
while (e.hasMoreElements()) {
String key = (String) e.nextElement();
String value = referenceProperties.getProperty(key);
DevLog.info(ResourcesHandler.getNLSResource(ResourcesHandler.REFERENCE_PROPERTY) + " " + key + "=" + value);
}
} finally {
Plog.exit2(getClass().getName() + ".processActionResponse(...)");
}
}
|
this part is not working, my list is always an empty one:
| Code: |
// Display any BIPs
ListIterator<LogEntry> msgs = bipMessages.listIterator();
while (msgs.hasNext()) {
LogEntry log = msgs.next();
DevLog.info(ResourcesHandler.getNLSResource(ResourcesHandler.LOG_ENTRY) + " " + log);
}
|
I think the listener shall have no problem. It must be some particular step required elsewhere.
I'm registering the listener like this:
| Code: |
final BrokerProxy bk = this.getBroker();
bk.registerListener(lsr);
|
and
| Code: |
final ExecutionGroupProxy eg = (ExecutionGroupProxy) egEnu.nextElement();
eg.registerListener(lsr);
DevLog.info("Monitoring EG " + eg.getName() + " " + eg.getUUID());
|
So what am I missing? I'm reading through source code of the exerciser, and has not managed to find the cause.
_________________
Bazinga! |
|
| Back to top |
|
|
| issac |
| Posted: Fri Jun 13, 2014 6:04 pm Post subject: |
|
|
Disciple
Joined: 02 Oct 2008
Posts: 158
Location: Shanghai
|
Some more info. This is the output of my app:
| Code: |
.....> ENTER#com.ibm.issac.moe5.wmb.common.WMBV8AdminObjListener.processActionResponse(...)
affectedObject = VAS2BK
completionCode = success
Message list size: 0
(Reference property) parent.uuid=?
(Reference property) commsmessage.operationtype=register
(Reference property) commsmessage.configobjecttype=Broker
(Reference property) uuid=?
(Reference property) configmanagerproxy.version=80
.....> EXIT#com.ibm.issac.moe5.wmb.common.WMBV8AdminObjListener.processActionResponse(...)
.....> ENTER#com.ibm.issac.moe5.wmb.common.WMBV8AdminObjListener.processActionResponse(...)
affectedObject = UNITEG
completionCode = success
Message list size: 0
(Reference property) parent.uuid=3f07265b-f4be-4687-8819-6b6b92f6dfb8
(Reference property) parent.type=Broker
(Reference property) commsmessage.operationtype=register
(Reference property) commsmessage.configobjecttype=ExecutionGroup
(Reference property) uuid=3ab32e03-4501-0000-0080-bf8c8815ca52
.....> EXIT#com.ibm.issac.moe5.wmb.common.WMBV8AdminObjListener.processActionResponse(...)
|
the bipMessages list from the processActionRespose method is always 0-sized. That's weired...  I'm stopping and starting EGs to produce the log. In the cmp exerciser it has log entries displayed.. I'm still trying very hard to figure it out...
_________________
Bazinga! |
|
| Back to top |
|
|
| Esa |
| Posted: Sat Jun 14, 2014 1:25 am Post subject: |
|
|
Grand Master
Joined: 22 May 2008
Posts: 1387
Location: Finland
|
| Implement processModify instead of processActionResponse. |
|
| Back to top |
|
|
|
|
