pmlogadmin> archive <event_log_path> <archive_path> --before <YYYY-MM-DD> [--clean-source] [--dest-dir <destination_path>] [--no-zip]
pmlogadmin> archive <event_log_path> <archive_path> --older-than <days> [--clean-source] [--dest-dir <destination_path>] [--no-zip]
pmlogadmin> backup <event_log_path> <backup_path>
pmlogadmin> create <new_event_log_path>
pmlogadmin> encrypt enable|disable|rekey <event_log_path>
pmlogadmin> help [<command>]
pmlogadmin> import [-y|-n] <source_event_log> <dest_event_log>
pmlogadmin> info <event_log_path>
pmlogadmin> --help|-h
pmlogadmin> --version|-v
Privilege Manager event log administration utility. Use pmlogadm to manage encryption options on the event log.
pmlogadm has the following options.
Displays usage information.
By default the help command displays the general usage output. When you specify a command, it displays a usage summary for that command.
-v, --version: Displays the version number of Safeguard and exits.
--verbose: Enables verbose output.
Disables all output to stdout. Errors are output to stderr.
Moves old events to an archive.
archive <event_log_path> <archive_name> --before <YYYY-MM-DD> [--clean-source] [--dest-dir <destination_path>] [--no-zip]
archive <event_log_path> <archive_name> --older-than <days> [--clean-source] [--dest-dir <destination_path>] [--no-zip]
Moves events that occurred before the indicated date (YYYY-MM-DD) to an archive named archive_name. If you use the second form, specify the date as days before the current date.
The archive is created in the current working directory unless you specify a destination path using the --dest-dir option. By default, the archive is compressed using tar and gzip, but you can skip this using the --no-zip option, in which case the resulting archive is a directory containing the new log with the archived events.
All files in that directory are required to access the archive. To access the archive, use pmlog. Moving events to an archive may not reduce the actual file size of the event log. To reduce the file size, the source log must be cleaned. To clean the source log, add the --clean-source option.
When a large number of events are present in the source log, this option can increase the archive process time and use a large amount of disk space while the process runs. Once started, do not interrupt the process.
backup: Creates a backup of the source log (event_log_path), in location backup_log.
Creates new empty audit files for that log.
This may include a keyfile which has the -kf suffix, a journal file with the -wal suffix, and a -shm system file. It is critical that the group of files that make up an event log remain together at all times. Removal of any one of these files may result in permanent loss of access to the event log.
Enables or disables encryption of an event log.
encrypt enable|disable|rekey <event_log_path>
By default all event logs created by Safeguard are encrypted using the AES-256 standard. The encryption key is stored in the keyfile which is in the same path as the event log and has the same file name, and the -kf suffix. It is critical that this file remain in the same path as the main event log file.
You can decrypt the whole log file using the encrypt disable command, passing the path of the main event log file as an argument. Enable encryption using encrypt enable. The encrypt rekey command generates a new encryption key and re-encrypts all data in the event log using that new key data. The key file is automatically updated with the new key data if the operation succeeds.
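A key rotation wrapper that enforces the file-group rule above, as an added example (not code from the product): it refuses to run unless the event log and its -kf keyfile are both present, takes a backup before rekeying, and rechecks the group afterwards. The function names, return codes, the PMLOGADM override, and the assumption that companion files are named <event_log> plus the suffix are this example's own.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes pmlogadm is on PATH (override
# with PMLOGADM) and that companion files are named <event_log><suffix>.
PMLOGADM="${PMLOGADM:-pmlogadm}"

# Print every member of the event log's file group that exists on disk.
log_group() {
    for f in "$1" "$1-kf" "$1-wal" "$1-shm"; do
        if [ -e "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# An encrypted log is unreadable without its keyfile, so require both.
preflight() {
    for f in "$1" "$1-kf"; do
        if [ ! -f "$f" ]; then
            echo "missing $f: restore the complete file group first" >&2
            return 1
        fi
    done
}

# Back up, rekey, then confirm the group is still intact.
# Returns: 1 preflight failed, 2 backup failed, 3 rekey failed, 4 keyfile gone.
rekey_log() {
    log=$1
    backup=$2
    preflight "$log" || return 1
    "$PMLOGADM" backup "$log" "$backup" || {
        echo "backup failed; log left untouched" >&2; return 2; }
    "$PMLOGADM" encrypt rekey "$log" || {
        echo "rekey failed; backup is at $backup" >&2; return 3; }
    preflight "$log" || return 4
    echo "file group after rekey:"
    log_group "$log"
    "$PMLOGADM" info "$log"   # reports the current encryption status
}

# Usage: sh rekey.sh <event_log_path> <backup_path>
if [ "$#" -eq 2 ]; then rekey_log "$1" "$2"; fi
```

Run it while nothing else is moving or copying the event log files, and store the backup with the same care as the live log.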
import [-y|-n] <source_event_log> <dest_event_log>
Import events from source_event_log, adding them to dest_event_log.
Displays information about the event log.
Displays information about the event_log_path. The information reported includes the current encryption status of the event log, the size of the file and the number of events contained in the log.
The following entries in the /etc/opt/quest/qpm4u/pm.settings file are used by pmlogadm:
Specify the location of the event log queue, used by both pmmasterd and pmlogsrvd. This option is only used to determine whether the pmlogsrvd service is currently running.
For more usage information for a specific command, run:
pmlogadm help <command>
The default Privilege Manager event log file is located at:
Other files that may be used by pmlogadm are:
- settings file: /etc/opt/quest/qpm4u/pm.settings
- pid file: /var/opt/quest/qpm4u/evcache/pmlogsrvd.pid