auditlog info (audit log information summary)
The auditlog info command adds a JSON count information file to the audit log files. Times are in yyyyMMddHHmmss format. If you do not specify a timeframe, the default runs from the start of the current day to the time you issue the auditlog info command. The command provides multiple options for filtering the data returned. You direct the JSON count file to an output directory of your choice.
Usage
auditlog info --n fieldName --s startTime --e endTime --f filterBy --fw filterByWild --fa filterByAdditional --ob orderBy --a ascending --o directory
Required | Argument | Description |
---|---|---|
No | --n fieldName | Specifies the name of the field to include in the audit log information returned. You can specify more than one field name. For example, "username" and "value" are companion fields, so you may want to include both in your results. |
No | --s startTime | Specifies start time and start date for audit logging. The date format is: yyyyMMddHHmmss. |
No | --e endTime | Specifies end time and end date for audit logging. The date format is: yyyyMMddHHmmss. |
No | --f filterBy | Specifies a specific entity to use as a results filter. For example, "username:system". |
No | --fw filterByWild | Allows you to use the asterisk (*) character to filter the information returned. For example, to search for an object ID containing the string "info", specify objectID:*info. |
No | --fa filterByAdditional | Specifies an additional value to use in filtering the information returned. For example, you could use a specific date to restrict the returned information to a calendar day. |
No | --ob orderByType | Allows you to order the returned information by "loglevel" or "timestamp". The default ordering is by time stamp. |
No | --a ascending | Shows Boolean results in ascending order. The default ordering is true then false if this filter is not specified. |
No | --o directory | Specifies the output directory for the auditlog information. |
Example
This example returns results for a 24-hour window, for an admin-level user, ordered from the earliest event to the latest, and sends the results to a directory named c:\Precisely\auditlog_info\results.
auditlog info --s 20191231000000 --e 20200101000000 --f userlevel:admin --ob timestamp --o c:\Precisely\auditlog_info\results
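For a recurring review of admin-level activity, the --s and --e values for a given calendar day can be generated and checked before the command is issued. The following Python sketch is an added example, not part of the product or its documentation; the function names are hypothetical, and the checks that start precedes end and that values contain no whitespace are assumptions of this example rather than documented command behavior.

```python
from __future__ import annotations
from datetime import date, datetime, timedelta

TS_FORMAT = "%Y%m%d%H%M%S"  # strftime equivalent of yyyyMMddHHmmss


def parse_ts(value: str) -> datetime:
    """Parse a yyyyMMddHHmmss string; reject malformed or impossible times."""
    if len(value) != 14 or not (value.isascii() and value.isdigit()):
        raise ValueError(f"expected 14 digits (yyyyMMddHHmmss), got {value!r}")
    return datetime.strptime(value, TS_FORMAT)  # ValueError on e.g. day 32


def day_window(day: date) -> tuple[str, str]:
    """Return (--s, --e) values covering one calendar day, midnight to midnight."""
    start = datetime(day.year, day.month, day.day)
    end = start + timedelta(days=1)
    return start.strftime(TS_FORMAT), end.strftime(TS_FORMAT)


def build_command(start: str, end: str, out_dir: str,
                  filter_by: str | None = None,
                  order_by: str = "timestamp") -> str:
    """Assemble an auditlog info command line from validated arguments."""
    if parse_ts(start) >= parse_ts(end):
        raise ValueError("--s must be earlier than --e")  # example's own check
    if order_by not in ("loglevel", "timestamp"):
        raise ValueError("--ob accepts only loglevel or timestamp")
    parts = ["auditlog info", "--s", start, "--e", end]
    if filter_by is not None:
        field, sep, val = filter_by.partition(":")
        if not (field and sep and val):
            raise ValueError("--f expects field:value, e.g. username:system")
        parts += ["--f", filter_by]
    parts += ["--ob", order_by, "--o", out_dir]
    # Assumption: values are passed unquoted, so whitespace would split them.
    if any(ch.isspace() for p in parts[1:] for ch in p):
        raise ValueError("argument values must not contain whitespace")
    return " ".join(parts)


if __name__ == "__main__":
    # Reproduces the command shown in the Example section above.
    s, e = day_window(date(2019, 12, 31))
    print(build_command(s, e, r"c:\Precisely\auditlog_info\results",
                        filter_by="userlevel:admin"))
```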