cancel
Showing results for 
Search instead for 
Did you mean: 

How to find and collect audit logs

puneetd
Level 3

We have one master server and two media server one of them is appliance 5230 and other is installed on Windows server 2008. we have three user who has full access on master server. I want to collect audit logs for different purpose as below:

  • If anyone changes policy then i can found what changes was made, who changes and which time that policy was changed.
  • details of new client added in the policy.
  • schedule change or backup job run by anyone
  • or any kind of change using master server

Please suggest me if I can collect these logs from master server or opscenter.

8 REPLIES 8

Thiago_Ribeiro
Moderator
Moderator
Partner    VIP    Accredited
Hi,

If Im not mistaken you can do this using Opscenter Analytics. See the OpsCenter Admin Guide attached.

Thiago_Ribeiro
Moderator
Moderator
Partner    VIP    Accredited
Hi,
If Im not mistaken you can do this using Opscenter Analytics...See teu document attached.

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified
nbaudit runs by default on a master server.

You may want to look at nbauditreport:
http://www.veritas.com/docs/000118560

You will also get a number of related forum posts if you paste this into Google:
site:vox.veritas.com nbauditreport

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Thanks for reply. This and all reply helps me to collect the audit logs but here is a problem that the logs are generated only for administrator. The changes by the other users are not showing in these logs. while the empty folders by the usernames are created in <Installation Path>\Veritas\NetBackup\logs\user_ops. 

How can I generate or find the logs for the other users?

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Have you looked at Enhanced auditing?

Have you enabled it?

 

I think, I got the solution. Thanks @Marianne for pointing me on Enhanced auditing. I check and also read about it. I found that the default mode is active and in this mode, User is audited as a root or administrator. that's why I am not getting logs for other users. I need to change my configuration for NBAC or Enhanced auditing.