You may want to know if certain actions were performed, such as message requests or starting/stopping channels. Within security, you can configure which requests you want audited. These are written to the audit tables in the database. This will capture details such as the user and time requested and the objects affected. You can also produce a report to see these requests and to export them to a CSV file.
Things to consider:
- Do you want to audit all users or specific groups?
- Are there specific actions you want to audit?
- Do you want to record granted or denied requests?
The default sample settings are designed to capture the key data when activated. For example, you do not want to typically audit inquiry commands since getting a list of queues would generate 1000s of requests. These groups are shown in the default sample as the first 2. These should be left at none unless directed by Support to set otherwise.
The 3rd group,^EXCMD_MG.*, covers all message commands including browsing messages. This is typically set to all to provide a complete history of any requests to either look at or change queues. The final set is everything else which represents most actions. This is also typically set to all to capture any changes or actions requested.
These codes represent the requests being made and map to either MQ counterparts (MQCMD) or management extensions (EXCMD). The table of all actions is in the meshIQ Secure User's Guide. For example, if you only wanted to capture channel start or stop, you would add an entry, ^MQCMD_(START|STOP)_CHANNEL which is a regular expression indicating starts with MQCMD followed by START or STOP and ends with CHANNEL.
The audit information is stored in the management database. The amount of data collected will determine the amount of data required. See this related article Why is the table adtinfo so large?
See the meshIQ Secure documentation for additional information.