For PPEM to log audit events, the logging must
be configured first in the ppem-manager.yml manager
configuration file.
You can specify the following parameters:
audit: enabled: trueorfalse syslog: protocol:one_of_supported_transport_protocolsaddress:address_of_a_syslog_serverport:port_of_the_syslog_serverfacility:facility_of_syslog_messagestag:tag_of_syslog_messageslog: path:path_to_a_log_filemode:access_mode_for_the_log_file
Where:
enabled: The state of the audit event logger.
Possible values:
true: The logger is enabled,
PPEM logs audit events.
If the logger is enabled, PPEM
adds the audit_events_housekeeping system
housekeeping rule
for the repository database.
By default, the auto-run schedule is not configured for this rule. Configure the schedule if necessary.
false: The logger is disabled,
PPEM does not log audit events.
Default value: false (the logger is disabled).
syslog: The parameters of sending audit event log
to a syslog server.
This group of parameters is optional. If omitted and
the audit.enabled parameter is set
to true, audit events are logged but not sent
to a syslog server.
protocol: The transport protocol used
for the delivery of syslog messages.
Possible values:
local or '' (empty string):
The messages are transported within the originating server and
not sent over a network.
One of tcp, tcp4,
or tcp6: Use TCP as the transport.
Specify tcp4 or tcp6
to explicitly use TCP over IPv4 or IPv6, respectively.
Specify tcp to leave the protocol selection
to PPEM.
One of udp, udp4,
or udp6: Use UDP as the transport.
Specify udp4 or udp6
to explicitly use UDP over IPv4 or IPv6, respectively.
Specify udp to leave the protocol selection
to PPEM.
One of ip, ip4,
or ip6: Use IP as the transport.
Specify ip4 or ip6
to explicitly use IPv4 or IPv6, respectively.
Specify ip to leave the protocol selection
to PPEM.
One of unix, unixgram,
or unixpacket: Use a UNIX domain socket as the transport.
The above values are the types of UNIX domain sockets that use different semantics:
The socket of the unix type uses
SOCK_STREAM semantics.
The socket of the unixgram type uses
SOCK_DGRAM semantics.
The socket of the unixpacket type uses
SOCK_SEQPACKET semantics.
address: The address of
the syslog server,
if required by the selected transport protocol.
port: The port of
the syslog server,
if required by the selected transport protocol.
facility:
The facility of syslog messages.
Possible values:
kern: Kernel messages.
user: User-level messages.
mail: Mail system.
daemon: System daemons.
auth: Security/authorization messages.
syslog: Messages generated internally
by syslogd.
lpr: Line printer subsystem.
news: Network news subsystem.
uucp: UUCP subsystem.
cron: Clock daemon.
authpriv: Security/authorization messages.
ftp: FTP daemon.
local0 to local7:
Local use 0–7.
Default value: kern.
tag: The tag of syslog
messages.
Default value: ppem if the parameter is omitted
or has the '' (empty string) value.
log: The parameters of sending audit event log
to a plain text file.
This group of parameters is optional. If omitted and
the audit.enabled parameter is set
to true, audit events are logged but not sent
to a plain text file.
path: The path to the plain text log file.
If the file does not exist, it is created automatically.
Example: /tmp/auth.log
mode: The file mode of the log file specified in
the path parameter. The parameter format is
0xxx, the same as for
the chmod command.
Example: 0644