cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

options for logging actions performed in java admin GUI?

tythecellist
Level 4
Partner

‎05-04-2016 09:12 PM

My team logs into our NBU 7.6 (RHEL) master server through Kerberos, authenticating back to AD.  Based on entries in /usr/openv/java/auth.conf, they have the ability to perform all usual administrative functions, as expected.

My experience has been that if your credentials allow you to perform admin functions, those functions end up being run under the covers as root.  As such, any logging for admin functions would be recorded as being run by root.

Here's what I'd like, however:  A log entry that records when < team member> performs an administrative function, using the java GUI.  For example, a log entry when one of my junior engineers accidently cancells all jobs from within Activity Monitor.

I haven't found this facility yet ... does it exist ?

thanks!

ty

Reply
4 REPLIES 4

PatS729
Level 5

‎05-04-2016 11:40 PM

I guess, additionally you need to configure NBAC on Master Server. NBAC = NetBackup Access Control.

https://www.veritas.com/support/en_US/article.HOWTO89754

 

0 Kudos
Reply

mph999
Level 6
Employee Accredited

‎05-04-2016 11:52 PM

https://www.veritas.com/support/en_US/article.000044103

Not sure you would get the user who carried out the action though, for this you would need nbac

0 Kudos
Reply

Tape_Archived
Moderator
Moderator
   VIP   

‎05-05-2016 08:11 AM

Please look into these logs and you should be able to find the relevant information. Please create these directories if you don't have already setup.

bpjava-msvc - Java application server authentication service

bpjava-usvc - process that services Java requests

 

Here you may need to have the process id when the user is logged on the unix server.  I have used these logs to figure out the user who killed the jobs and you should be able to. Just grep for netbackup commands and user id & relevant combination.

0 Kudos
Reply

tythecellist
Level 4
Partner

‎05-05-2016 10:03 AM

Thanks all for your suggestions.   From what I understand, NBAC is still not a viable option for us due to concerns about its reliability.  

Tape_Archvied, thank you for your suggestion to create those log directories.  I've done so, along with bpjava-susvc, then restarted my Java Admin GUI after also validating that /usr/openv/java/Debug.properties contains
printcmds=true
printCmdLines=true
debugMask=0x0004000

... but in making changes to configurations in the Admin GUI when logged in as myself, I do not find those changes represented in any logs found inside the three directories above.  I'll keep searching.

0 Kudos
Reply