IBM E027SLL-H Troubleshooting Guide - Page 273
Tivoli Audit Facility troubleshooting
![]() |
View all IBM E027SLL-H manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 273 highlights
Chapter 16. Tivoli Audit Facility troubleshooting An auditing facility in IBM Tivoli Monitoring includes detailed information for certain major state changes or events that occur within your monitoring environment. Audit events in the system reflect authorization and authentication failures, and major and minor changes, but do not reflect minor service messages stored in the RAS logs. Audit Log workspace shows only 100 of the most recent audit records By default, all Tivoli Monitoring components show only the 100 most recent audit records in the Audit Log workspace. The environment variable, AUDIT_MAX_HIST, defines the maximum number of audit records kept in short-term memory for direct queries. You can increase the setting for this environment variable and recycle the component that you want to display more audit records in the Audit Log workspace. Note that only audit events created since the component was started are displayed. If you want to display audit records for events that occured before the most recent component startup, you must enable historical data collection for the ITM Audit attribute group and distribute the history collection settings to the components you want to have access to the historical audit data. If data warehousing is available, it might be more efficient to collect audit records historically from critical ITM components. See the Audit Log workspace description in the Tivoli Enterprise Portal User's Guide for details on configuring historical data collection for the ITM Audit attribute group. Audit Log workspace does not display records before the latest component startup The Audit Log workspace shows audit records generated since the component was most recently started. To access audit records that were generated before the latest restart, collect audit records historically from critical ITM components. See the Audit Log workspace description in the Tivoli Enterprise Portal User's Guide for details on configuring historical data collection for the ITM Audit attribute group. On distributed systems, you can also examine the component's XML-formatted audit log to access audit records that were generated prior to the latest restart. These logs are located on the component in the /auditlogs directory. Refer to Appendix F. ITM Audit log in the IBM Tivoli Monitoring Version 6.2.3 Administrator's Guide. ITM components in a z/OS environment can enable the SMF audit facility to collect ITM Audit records. For more information, see the Planning and Configuration Guide for the specific component. © Copyright IBM Corp. 2005, 2012 255
-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
![]() |
![]() |
![](/manual_guide/products/ibm-e027sllh-troubleshooting-guide-7c8d102/273.png)