You can select and view event and I/O logs. Event logs contain a record of Privilege Management for Unix and Linux events. I/O logs provide a history of a user’s keystrokes during a given Privilege Management for Unix and Linux session.
View Privilege Management for Unix and Linux Events
You can view Privilege Management for Unix and Linux events that are saved in event log files. Because events can be saved in more than one event log, the first step in viewing events is to select a log. Individual events can be viewed from the selected event log.
Select an Event Log and Records Page
- In the left navigation menu, select View Logs > Event Log. If prompted, log in with your Unix/Linux user name and password. The Event Log Selection page opens.
- In the File field, enter an absolute path (directory and file name) for the event log. You can click Browse to select the event log from the File Browser, or you can click Use Default to select the default event log.
- (Optional) Specify a date range in the Start Date and End Date fields. Leave the Start Date blank to view logs from the beginning of the log file, and leave the End Date blank to include the most recent events.
- Use the View options to select how you want to view the events. Select Short to view a table of events, or select Detailed to view the details for each event.
- (Optional) Choose the event types to view by selecting or unchecking the Accept, Reject or Forbidden Keystroke boxes.
- (Optional) Use the Records Per Page dropdown to limit the number of event records to display on a single page.
- Click View Event Log.
If you select the Short option, Privilege Management for Unix and Linux displays the event log on the Event Log page. If you select the Detailed option, Privilege Management for Unix and Linux displays the event log on the Event Log Detail page.
Use the Event Log Page
The Event Log page displays the event log records selected in the Event Log Selection page. This page provides information similar to the output from Privilege Management for Unix and Linux’s pblog program.
You can do any of the following on this page:
- Use the links in the top right of the report to go to a specific page that displays 50 records.
- The bottom right corner of the report window displays the event log name and the total number of events that are displayed.
- Use the Expand icon to view the report across the entire browser window. Use the Shrink icon to restore the normal report view.
- Click a column heading to sort the table by that column.
- Click on the value in the Result column for an event to view details about that event in the Event Log Detail page.
Use the Event Log Detail Page
The Event Log Detail page is opened from the Privilege Management Event Log Selection page by selecting the Detailed option and clicking View Event Log. It can also be opened from the Event Log page by clicking the value in the Result column for an event.
- The Event Log Detail page displays detailed information for a specific log entry. This page shows the same information for a listing as the Event Log page, plus all of the additional variables that were set for the command. The information is similar to that displayed by running pblog –l from the command line.
- The bottom right corner of the report window displays the event log name and which event out of the total events from the last query is being displayed.
- Use the Expandicon to view the report across the entire browser window. Use the Shrink icon to restore the normal report view.
- In the top right corner of the report page, you can use the Prev and Next links to navigate to the previous record or the next record. Each system-defined variable has a hyperlink that opens online help that describes the variable.
View Privilege Management for Unix and Linux I/O Logs
You can view Privilege Management for Unix and Linux I/O logs.
The I/O Viewer supports vt100, xterm, and dtterm terminals. The viewer attempts to display I/O logs from any terminal type, but there is no guarantee that unsupported terminals will be rendered accurately. Special graphic characters such as line drawing characters are not supported.
For more information about I/O logging, please see the Privilege Management for Unix and Linux Administration Guide and the Privilege Management for Unix and Linux Language Guide.
Select an I/O Log
- In the left navigation menu, select View Logs > I/O Log. If prompted, log in with your Unix/Linux user name and password.
- In the File field, enter the absolute path (directory and file name) for an I/O log. You can click Browse to select the I/O log from the file browser.
- (Optional) From the Terminal Foreground and Terminal Background, select the terminal foreground and background colors. Click Use Default to select the default colors.
- (Optional) Set the amount of time, in milliseconds, to pause after displaying each line during playback. Click Use Default to reset this value to the default.
- (Optional) Set the number of lines of input to display. To display all input lines, enter 0. Click Use Default to reset this value to the default.
- (Optional) Select the font size for the display. Click Use Default to reset this value to the default.
- Click View I/O Log. Privilege Management displays the I/O log in the I/O Log Viewer page.
Use the I/O Log Viewer Page
This page opens after you select an I/O log file in the I/O Log Selection page and click View I/O Log. The I/O Log Viewer page enables you to play back an I/O log and see a simulation of the keystrokes that were made by a user during a session.
- The terminal emulation (color, font, etc.) might not match what the user saw during the session.
- The essential keystrokes and responses are displayed but not all of the original formatting.
- I/O logging records keystrokes, output streams, and error streams but not mouse clicks or other GUI actions.
- No attempt is made to reproduce the timing of the original input. The simulation is taking place in a browser and the timing observed is constrained by the location of the server processing the browser requests and network traffic.
- The operating system may become overwhelmed if New Input or Next Newline are clicked multiple times too rapidly. Clicking these buttons rapidly can cause you to be prompted for a user name and password, but you are unable to log in.
The I/O Log Viewer consists of three areas:
- The top is a toolbar used for controlling the I/O log playback, moving within the log, and navigating to other parts of the application.
- The center section of the screen displays the I/O log playback. This playback is a simulation of what the original user would have seen on the Unix/Linux terminal.
- The bottom of the page shows information about when the current I/O event was logged and its location in the I/O log.
To play back a I/O log, click Play. Click Pause to stop the playback. Use the following controls to go through the log and access additional features:
|Go to Start||Moves to the beginning of the log.|
|Play/Pause||Starts and stops the I/O log playback loop.|
|Next Input||Advances the playback to the next keystroke.|
|Next Newline||Advances the playback to the next newline in the I/O log.|
|Go to End||
Moves to the end of the log.
Enter a place (position), text string, or time to search for in the I/O log.
Place is a position from the start of the file. It is any positive number limited to the size of the I/O log.
Text to search for can be individual characters and whole or partial strings. Wildcard search characters cannot be used.
Time is set as [MM/DD/[CC]YY] HH:MM[:SS] (for example, 13:40 or 11/28/2001 13:40:48).
The I/O log file uses discrete positions and time intervals. You cannot go to an exact position or time. You must go to the next highest position or time increment.
This field is used with the Search list and Search button.
Select the entry to search for:
|Search list||This list is used with the Search field and Search button.|
|Search button||Looks for the exact search text, next greatest time, or next largest place in the input stream, depending on which option was selected. This button is used with the Search field and Search list.|
|Show Variables||Shows the variables that were stored in the I/O log when it was created.|
|Show Input||Shows the input that a user typed. The information is displayed in a separate window.|
|File Selection||Returns to the I/O Log Selection page.|
I/O Log Variables Page
The I/O Log Variables page is opened from the I/O Log Viewer page by clicking Show Variables. This page displays detailed information for a specific I/O log. This page shows the same information for a listing as the I/O Log Viewer page as well as all of the additional variables that were set for the command. The information is similar to that displayed by running pbreplay -av from the command line.
The top of the page displays the:
- Name of the I/O log
- The date and time
- The submitting user and submitting host
- The run user and run host
- The command that was run
Click Close to exit the I/O Log Variables page.
Use the I/O Log Input Viewer Page
Clicking Show Input in the I/O Log Viewer page opens the I/O Log Input Viewer page. The I/O Log Input Viewer page displays the keystroke input stream. In other words, it shows what the user typed. The information that is presented is similar to that displayed when running pbreplay -i from the command line.
Clicking Show Input displays the input only up to a given point in the I/O log file and that point must have already been navigated to with the browser.
Select an input type from the list to set the format of the input data: Hexadecimal, Octal, and Mapped. The Mapped option replaces unprintable characters with descriptive tags.