NetBackup™ Web UI Administrator's Guide

Viewing the detailed NetBackup audit report

You can view the actions NetBackup audits from a primary server using the NetBackup web UI. You can see full audit event details with the nbauditreport command.

To view the full audit report

  1. Log on to the primary server.
  2. Enter the following command to display the audit report in the summary format.

    Windows: install_path\NetBackup\bin\admincmd\nbauditreport

    UNIX: /usr/openv/netbackup/bin/admincmd/nbauditreport

     

    Or, run the command with the following options.

    -sdate <"MM/DD/YY [HH:[MM[:SS]]]">
    The start date and time of the report data you want to view.

    -edate <"MM/DD/YY [HH:[MM[:SS]]]">
    The end date and time of the report data you want to view.

    -ctgy category
    The category of user action that was performed. Categories such as POLICY may contain several sub-categories such as schedules or backup selections. Any modifications to a sub-category are listed as a modification to the primary category.
    See the NetBackup Commands Guide for -ctgy options.

    -user <username[:domainname]>
    Use to indicate the name of the user for whom you'd like to display audit information.

    -fmt DETAIL
    The -fmt DETAIL option displays a comprehensive list of audit information. For example, when a policy is changed, this view lists the name of the attribute, the old value, and the new value. This option has the following sub-options:

    • [-notruncate]. Display the old and new values of a changed attribute on separate lines in the details section of the report.

    • [-pagewidth <NNN>]. Set the page width for the details section of the report.

    -fmt PARSABLE
    The -fmt PARSABLE option displays the same set of information as the DETAIL report but in a parsable format. The report uses the pipe character (|) as the parsing token between the audit report data. This option has the following sub-options:

    • [-order <DTU|DUT|TDU|TUD|UDT|UTD>]. Indicate the order in which the information appears.

      D (Description)
      T (Timestamp)
      U (User)

  3. The audit report contains the following details:

    DESCRIPTION
    The details of the action that was performed.

    USER
    The identity of the user who performed the action.
    See User identity in the audit report.

    TIMESTAMP
    The time that the action was performed.

    The following information only displays if you use the -fmt DETAIL or the -fmt PARSABLE options.

    CATEGORY
    The category of user action that was performed.

    ACTION
    The action that was performed.

    REASON
    The reason that the action was performed. A reason displays if a reason was specified for the operation that created the change.

    DETAILS
    An account of all of the changes, listing the old values and the new values.

Example of the audit report:

[root@server1 admincmd]# ./nbauditreport
TIMESTAMP            USER           DESCRIPTION
04/20/2018 11:52:43  root@server1   Policy 'test_pol_1' was saved but no changes were detected
04/20/2018 11:52:42  root@server1   Schedule 'full' was added to Policy 'test_pol_1'
04/20/2018 11:52:41  root@server1   Policy 'test_pol_1' was saved but no changes were detected
04/20/2018 11:52:08  root@server1   Policy 'test_pol_1' was created
04/20/2018 11:17:00  root@server1   Audit setting(s) of master server 'server1' were modified

Audit records fetched: 5
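
The following Python is an added example, not code from the NetBackup documentation. It builds a time-bounded nbauditreport argument list from the -sdate, -edate and -user options above, parses the summary format shown in the sample report, checks the parsed row count against the "Audit records fetched" footer, and flags audit-setting changes. The function names, the watch pattern, and the assumptions that USER contains no spaces and that each record occupies one line are choices made for this example.

```python
import re
from datetime import datetime

# UNIX path from the page; on Windows: install_path\NetBackup\bin\admincmd\nbauditreport
NBAUDITREPORT = "/usr/openv/netbackup/bin/admincmd/nbauditreport"

# Constructed sample input: the summary-format report shown on the page.
SAMPLE = """\
TIMESTAMP            USER           DESCRIPTION
04/20/2018 11:52:43  root@server1   Policy 'test_pol_1' was saved but no changes were detected
04/20/2018 11:52:42  root@server1   Schedule 'full' was added to Policy 'test_pol_1'
04/20/2018 11:52:41  root@server1   Policy 'test_pol_1' was saved but no changes were detected
04/20/2018 11:52:08  root@server1   Policy 'test_pol_1' was created
04/20/2018 11:17:00  root@server1   Audit setting(s) of master server 'server1' were modified

Audit records fetched: 5
"""

# Assumption: USER has no whitespace and each record is a single line.
ROW = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(.+)$")
FOOTER = re.compile(r"^Audit records fetched:\s*(\d+)\s*$")
# Assumption: which descriptions deserve review is a local policy choice.
WATCH = re.compile(r"Audit setting\(s\).*were modified", re.I)

def report_argv(start, end, user=None):
    """Build the argument list for a time-bounded summary report."""
    fmt = "%m/%d/%y %H:%M:%S"  # -sdate/-edate take "MM/DD/YY [HH:[MM[:SS]]]"
    argv = [NBAUDITREPORT, "-sdate", start.strftime(fmt), "-edate", end.strftime(fmt)]
    if user:
        argv += ["-user", user]
    return argv

def parse_summary(text):
    """Return (records, complete); complete is False if the footer count disagrees."""
    records, expected = [], None
    for line in text.splitlines():
        if m := ROW.match(line):
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
            records.append({"time": ts, "user": m.group(2), "description": m.group(3).strip()})
        elif m := FOOTER.match(line):
            expected = int(m.group(1))
    return records, expected == len(records)

def flag(records):
    """Records whose description matches the watch pattern, oldest first."""
    return sorted((r for r in records if WATCH.search(r["description"])), key=lambda r: r["time"])
```

Pass the list from report_argv to subprocess.run on the primary server and feed its captured stdout to parse_summary; a False second return value means the capture is missing rows or the footer.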
