D.69. tarantella query audit

Displays all log entries matching some criteria.


tarantella query audit
{ --app app | --person person | --host host | --filter filter }
[ --server arrayhost ]
[ --format text|csv|xml ]


The following table shows the available options for this command.




--app
Displays log entries referring to a specific application. Use the object name for the application.

--person
Displays log entries referring to a specific person. Use the object name for the person.

--host
Displays log entries referring to a specific SGD server. Use the object name or a peer DNS name for the server.

--filter
An RFC2254-compliant LDAP search filter to find matching entries to display. Enclose the filter in quotes. You can use the =, ~=, <= and >= matching rules in the filter.

--server
Only show log entries from the specified SGD server. Use a peer DNS name. If you omit this option, log entries across the entire array are displayed.

--format
Specifies the output format. The default setting is text. If you select the text format, SGD formats the log output so that it is easy to read on screen, but it does not show every detail logged. The csv format shows every detail logged, but it is only suitable for outputting to a file.


The output that you see depends on the Log Filter settings for the array. To produce log entries for processing by this command, make sure the Log Filter attribute on the Global Settings → Monitoring tab in the Administration Console includes at least one filter that outputs to a .jsl file.

Using a Filter

The attributes you use in the filter are the log fields used in the .jsl log files. The following table lists the commonly used attributes.

Field Name



The logging component/sub-component/severity setting used in the log filters. For example, to find entries for a server/printing/* log filter, you can use a "(log-category=*printing*)" filter.


The system date and time when the event took place. The format is yyyy/MM/dd HH:mm:ss.SSS.


The IP address of a client or server associated with an event.


The keyword for auditable events.


The peer DNS name of the SGD server where the event took place.


The process ID of the event.


The type of security used on a connection, std or ssl.


The system Coordinated Universal Time (UTC) time, in milliseconds, when the event took place.


The name of an object associated with an event. For example, starting an application session can record the name of the user, the application and the SGD server.


A complete list of all the log fields is available in the /opt/tarantella/var/serverresources/schema/log.at.conf schema file.


The following example displays all log entries for the UNIX system user indigo that were logged on the SGD server boston.example.com.

# tarantella query audit \
--person .../_user/indigo --server boston.example.com

The following example outputs all log entries that refer to the Write-o-Win application, in comma-separated values (CSV) format.

# tarantella query audit \
--app "o=applications/cn=Write-o-win" --format csv

The following example outputs all log errors that occurred on or after 23 October 2003 for the Write-o-Win application, in human-readable text format.

# tarantella query audit \
--filter "(&(log-category=*error*)(log-tfn-name=o=applications/cn=Write-o-win) \
(log-date>=2003/10/23 00:00:00.0))" \
--format text
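
When the --filter value is assembled by a script rather than typed by hand, the values placed in it should be escaped so they are matched literally. The following is an added example, not part of the SGD documentation: it builds the filter from the last example above using the RFC 2254 escape sequences and the log-date format described under Using a Filter. The function names are hypothetical, and it assumes that SGD honors RFC 2254 escapes and that tarantella is on the PATH.

```python
from datetime import datetime

# RFC 2254 section 4: characters that must be escaped inside an assertion value.
_RFC2254_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value: str) -> str:
    """Escape a literal so it cannot add wildcards or extra filter terms."""
    return "".join(_RFC2254_ESCAPES.get(ch, ch) for ch in value)


def format_log_date(when: datetime) -> str:
    """Render a datetime in the log-date layout yyyy/MM/dd HH:mm:ss.SSS."""
    return when.strftime("%Y/%m/%d %H:%M:%S.") + f"{when.microsecond // 1000:03d}"


def build_filter(category: str, object_name: str, since: datetime) -> str:
    """AND a category substring match, an exact object name and a start date."""
    terms = [
        f"(log-category=*{escape_value(category)}*)",  # wildcards added on purpose
        f"(log-tfn-name={escape_value(object_name)})",
        f"(log-date>={escape_value(format_log_date(since))})",
    ]
    return "(&" + "".join(terms) + ")"


def build_command(category, object_name, since, fmt="csv", server=None):
    """Return an argv list for subprocess.run(); no shell re-parses the filter."""
    if fmt not in ("text", "csv", "xml"):
        raise ValueError(f"unsupported format: {fmt}")
    argv = ["tarantella", "query", "audit", "--filter",
            build_filter(category, object_name, since), "--format", fmt]
    if server:
        argv += ["--server", server]
    return argv


if __name__ == "__main__":
    # Constructed sample values mirroring the last example on this page.
    print(build_command("error", "o=applications/cn=Write-o-win",
                        datetime(2003, 10, 23), fmt="text"))
```

Passing the returned list to subprocess.run() without shell=True keeps the filter as a single argument, so the quoting shown in the command-line examples is not needed.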