audit

New Database in shareddb

Db Name is userlogs Username db2inst1 Password eiaadmin

Schema IAP There are 2 Tables

  • UserAction
  • SearchAction

userAction

A VisualQuery will return something like this

Network Search List: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns3:NetworkSearchNodeList xmlns:ns2="http://www.i2group.com/Schemas/2011-03-03/SearchService" xmlns:ns3="http://www.i2group.com/Schemas/2013-04-23/NetworkSearchService" xmlns:ns4="http://www.i2group.com/Schemas/2011-03-03/ModelSchema" xmlns:ns5="http://www.i2group.com/Schemas/2011-03-03/ModelSchemaExtension" xmlns:ns6="http://www.i2group.com/Schemas/2012-05-29/ModelData/v2"><NetworkSearchNodes><NetworkSearchNode xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns3:EntityNetworkSearchNode" NodeId="dbe13b44-5c67-4889-832c-8e60284c9ca2" IsOutputEnabled="false" Label="Person 1"><SearchNode><FilterInfos><FilterInfos><FilterInfo Id="3b180f8f-df9b-49cf-9e02-17e9bd0084a6" FilterBasis="PROPERTY_TYPE" FilterOperator="EQUAL_TO" PropertyTypeId="PT52"><Values><Value xsi:type="ns4:SimplePropertyValue"><Value>I:000000070</Value></Value></Values></FilterInfo></FilterInfos></FilterInfos><ItemTypeIds><ItemTypeIds><ItemTypeId>ET5</ItemTypeId></ItemTypeIds></ItemTypeIds></SearchNode><DisabledFilterInfoIds/></NetworkSearchNode><NetworkSearchNode xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns3:EntityNetworkSearchNode" NodeId="9330ad75-741b-4e43-84c5-178455e6c53d" IsOutputEnabled="false" Label="Person 2"><SearchNode><FilterInfos><FilterInfos/></FilterInfos><ItemTypeIds><ItemTypeIds><ItemTypeId>ET5</ItemTypeId></ItemTypeIds></ItemTypeIds></SearchNode><DisabledFilterInfoIds/></NetworkSearchNode><NetworkSearchNode xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns3:LinkNetworkSearchNode" FromNodeId="dbe13b44-5c67-4889-832c-8e60284c9ca2" ToNodeId="9330ad75-741b-4e43-84c5-178455e6c53d" NodeId="d35b62a5-3fae-4a63-8f1d-f96116e603f3" IsOutputEnabled="true" Label="Associated To 1"><SearchNode><FilterInfos><FilterInfos/></FilterInfos><ItemTypeIds><ItemTypeIds><ItemTypeId>LT2</ItemTypeId></ItemTypeIds></ItemTypeIds></SearchNode><DisabledFilterInfoIds/></NetworkSearchNode></

The references to ET5 which is defined in the I2 Schema.

So parsing this requires the I2 Schema.

FilterBasis="PROPERTY_TYPE" FilterOperator="EQUAL_TO" PropertyTypeId="PT52"> Search with a value of I:000000070

SearchAction

A slightly smaller format of the Query.

II Auditing

Just run a bit of SQL

Update system_param  set current_value='1' where param_goup = 'SOA' and param_code = 'AUDITING_ENABLED';