Change Management Events in EPM-UL

Change Management Events

Change Management events are configured on the client by enabling changemanagementevents in the pb.settings, and on the primary log server by specifying the eventdb setting. This logs all changes made to the Configuration and Settings and to the Role Based Policy databases. When the setting is enabled, all changes require a message, which is logged alongside the username, date/time and the details of the actual change. The events are sent to the log server defined in the pb.settings and can be retrieved via REST or locally on the log server with the pbdbutil --evt option.

The administrator changes the pb.settings file and reimports it:

# pbdbutil --cfg -m "Change to pb.settings" -i /etc/pb.settings
{"fname":"/etc/pb.settings","version":4}

Then the administrator adds a new Role into the Role Based Policy database:

# pbdbutil --rbp -m "New role" -u '{ "role" : {"id":2,"name":"new role","rorder":2,"description":"new role for admin","disabled":0,"risk":0,"action":"A","iolog":null,"script":null}}'

The Change Management Events can be accessed on the primary log server:

# pbdbutil --evt -s chgmgt
{
"hostname": "pbuild", "evtname": "file_import", "service": "pbdbutil9.0.0-
14", "who": "admin1", "severity": 16, "utc": "2015-05-21 11:53:07",
"progname": "pbdbutil9.0.0-14 ", "version": "9.0.0-14 ", "arch": "x86_
64_linuxA",
"data": {
"fname": "/etc/pb.settings", "version": 4, "msg": "Change to pb.settings",
"sid": 33235, "pid": 34378, "uid": 0
}
}
{
"hostname": "pbuild", "evtname": "put", "service": "pbdbutil9.0.0-14",
"who": "admin1", "severity": 16, "utc": "2015-05-21 11:56:35", "progname":
"pbdbutil9.0.0-14 ", "version": "9.0.0-14_debug", "arch": "x86_64_
linuxA",
"data": {
"id": 2, "description": "new role for admin", "risk": 0, "action": "A",
"name": "new role", "rorder": 2,"disabled": 0, "iolog": null, "script":
null, "sid": 33235, "pid": 34423, "uid": 0
}
}

For more information, see pbdbutil, pbadmin.