NetBackup™ Commands Reference Guide

Product(s): NetBackup & Alta Data Protection (10.4)

NAME

nbauditreport — Generate and view an audit report

SYNOPSIS

nbauditreport -sdate "MM/DD/YY [HH:[MM[:SS]]]" [-edate "MM/DD/YY [HH:[MM[:SS]]]"] [-ctgy | -exclude_ctgy] [ALERT | ANOMALY | ANOMALY_EXTENSIONS | ANOMALY_EXTENSIONS_DETAILS | ANOMALY_NEW | ANOMALY_RULES_RESULTS | ASSET | ASSETGROUP | AUDITCFG | AUDIT_LOG_FORWARD | AUDITSVC | AZFAILURE | BMR | BPCONF | CATALOG | CERT | CONFIG | CONNECTION | DATAACCESS | EVENT_AUDIT | HOLD | HOST | IRE | JOB | LICENSING | LOGIN | MALWARE_IMPACTED | MALWARE_SCAN_STATUS | MALWARE_SCAN_TRIGGER | PAUSED_CLIENTS | POLICY | POOL | PROTECTION_PLAN_SVC | RETENTION_LEVEL | SEC_CONFIG | SLP | STORAGESRV | STU | TOKEN | UI_CONFIG | USER] -user username[:domainname] -fmt [SUMMARY | DETAIL | PARSABLE] [-notruncate] [-iso_std_tfmt] [-pagewidth NNN] [-order [DTU | DUT | TDU | TUD | UDT | UTD]]

On UNIX systems, the directory path to this command is /usr/openv/netbackup/bin/admincmd/

On Windows systems, the directory path to this command is install_path\NetBackup\bin\admincmd\

DESCRIPTION

The nbauditreport command lets you create and view a NetBackup audit report.

When auditing is configured in a NetBackup environment, the following user-initiated actions in NetBackup are recorded and available to view in an audit report:

  • Actions that change the NetBackup configuration. Examples are policy creation, deletion, and modification, and changing the audit settings.

  • Actions that change NetBackup run-time objects. These actions include initiating a restore job and starting or stopping the audit service.

This command only creates and displays the audit report. You must use the nbemmcmd -changesetting -AUDIT ENABLED and nbemmcmd -changesetting -AUDIT DISABLED commands to enable and disable auditing itself.

For more about auditing and audit reports, see the NetBackup Administrator's Guide, Volume I and NetBackup Security and Encryption Guide.

OPTIONS

[-ctgy | -exclude_ctgy] [ALERT | ANOMALY | ANOMALY_EXTENSIONS | ANOMALY_EXTENSIONS_DETAILS | ANOMALY_NEW | ANOMALY_RULES_RESULTS | ASSET | ASSETGROUP | AUDITCFG | AUDIT_LOG_FORWARD | AUDITSVC | AZFAILURE | BMR | BPCONF | CATALOG | CERT | CONFIG | CONNECTION | DATAACCESS | EVENT_AUDIT | HOLD | HOST | IRE | JOB | LICENSING | LOGIN | MALWARE_IMPACTED | MALWARE_SCAN_STATUS | MALWARE_SCAN_TRIGGER | PAUSED_CLIENTS | POLICY | POOL | PROTECTION_PLAN_SVC | RETENTION_LEVEL | SEC_CONFIG | SLP | STORAGESRV | STU | TOKEN | UI_CONFIG | USER]

Specifies the type of information to be displayed in the audit report. The audit function records and displays information on the user-initiated actions for the pertinent area (job, pool, etc.). The following are the possible values for this option and the items that are audited for each value:

  • ALERT - failure in alert generation or failure in sending email notifications.

  • ANOMALY - anomaly status changes such as report as false positive.

  • ANOMALY_EXTENSIONS - for a new anomaly that is generated through a specific anomaly extension.

  • ANOMALY_EXTENSIONS_DETAILS - for a modification that was done to a specific anomaly extension.

  • ANOMALY_NEW - for any new anomaly generated.

  • ANOMALY_RULES_RESULTS - for an output of a specific anomaly rule.

  • ASSET - deleting an asset, such as a vCenter server or a virtual machine, as part of the POST /asset-cleanup process in the Asset Database API.

  • ASSETGROUP - creating, modifying, or deleting an asset group, as well as any action on an asset group for which a user is not authorized.

  • AUDITCFG - auditing configuration changes

  • AUDIT_LOG_FORWARD - auditing events specific to the third-party tools that are configured for audit.

  • AUDITSVC - starting and stopping the NetBackup Audit service (nbaudit)

  • AZFAILURE - authorization failures

  • BMR - Create, modify, and delete Bare Metal Restore operations.

  • BPCONF - changes to the bp.conf file (UNIX only).

  • CATALOG - verifying and expiring images; and reading front-end usage data

  • CERT - certificate deployment

  • CONFIG - changes made to the configuration settings (for example SMTP server configuration) or to the excluded status codes list for alerts

  • CONNECTION - dropped host connections

  • DATAACCESS - the audit messages that are related to success and failure of access to different NetBackup operations. Audit messages are displayed for restore and browse images operations only.

  • EVENT_AUDIT - All the events that are logged are captured as audit records under this audit category. Any user-initiated actions using commands and NetBackup Administration Console (through commands or user services) are event logged. Note the following points:

    • Actions that require the primary server daemons are audited.

    • Scheduled NetBackup actions, such as scheduled backups, are not audited.

    • Any user-initiated actions using the NetBackup web UI are not audited.

    • The events that are associated with the first daemon that receives the request are logged.

    • Events that are associated with the subsequent daemons are not logged.

  • HOLD - create, modify, and delete hold operations.

  • HOST - NetBackup host database-related operations

  • IRE - Isolated recovery environment-related operations

  • JOB - job changes

  • LICENSING - track any access to information that is related to licensing

  • LOGIN - logon attempts

  • MALWARE_IMPACTED - any client detected as impacted through malware scan.

  • MALWARE_SCAN_STATUS - malware scan job status such as failed, completed.

  • MALWARE_SCAN_TRIGGER - malware scan that is triggered automatically or manually.

  • PAUSED_CLIENTS - for any clients that are added or deleted from the pause protection list.

  • POLICY - Adding, deleting, or updating policy attributes, clients, schedules, and backup selections lists.

  • POOL - disk storage pool changes.

  • PROTECTION_PLAN_SVC - modifications to the protection plan.

  • RETENTION_LEVEL - changes to the retention level.

  • SEC_CONFIG - changes made to the security configuration settings.

  • SLP - Creating, modifying, or deleting a storage lifecycle policy (SLP) when initiated through a NetBackup graphical user interface, API, or the nbstl command. Successful attempts to activate or suspend an SLP from a NetBackup graphical user interface or API are also audited and logged. Activating and suspending an SLP using the nbstlutil command are not audited.

  • STORAGESRV - storage server information and user actions

  • STU - storage unit changes

  • TOKEN - authorization tokens

  • UI_CONFIG - changes made for the NetBackup web UI.

  • USER - adding or deleting users

The default condition, when none of the options are specified, is to display the audit report of all categories.

-exclude_ctgy [audit_category]

Use this option to exclude a specific category from the list of audit records.

-fmt [SUMMARY | DETAIL | PARSABLE]

Specifies the output format of the audit report.

  • SUMMARY is the default condition (no option used). The audit report is a summary only. It displays the audit report in columnar format using the description, user, and timestamp headings.

  • DETAIL displays a comprehensive list of auditing information. For example, when a policy is changed, this view lists the name of the attribute, the old value, and the new value.

  • PARSABLE displays the same set of information as the DETAIL report but in a parsable format. The report uses the pipe character (|) as a separator of the audit data. Use keywords available with the report (DESCRIPTION, ACTION, OLDV, NEWV, etc.) to parse the audit record.

    The parsable report contains the following fields:

    • DESCRIPTION. The details of the action that was performed. The details include the new values that are given to a modified object and the new values of all attributes for a newly created object. The details also show any deleted objects.

    • TIMESTAMP. The time that the action occurred. The time is displayed in Coordinated Universal Time (UTC) and is indicated in seconds.

    • CATEGORY. The category of user action that was performed. Categories such as POLICY may contain several sub-categories such as schedules or backup selections. Any modifications to a sub-category are listed as a modification to the primary category. The categories are as follows:

      ALERT - failure in alert generation or failure in sending email notifications.

      AUDITCFG - Auditing configuration changes

      AUDIT_LOG_FORWARD - Auditing events specific to the third-party tools that are configured for audit.

      AUDITSVC - Starting and stopping the NetBackup Audit service (nbaudit)

      AZFAILURE - Requests that fail authorization checks

      BPCONF - Changes to the bp.conf file (UNIX only)

      CATALOG - Verifying and expiring images; and reading front-end usage data

      CERT - Creating, revoking, renewing, and deploying of certificates and specific certificate failures

      CONFIG - changes made to the configuration settings (for example SMTP server configuration) or to the excluded status codes list for alerts

      DATAACCESS - The audit messages that are related to success and failure of access to different NetBackup operations. Audit messages are displayed for restore and browse images operations only.

      HOLD - Create, modify, and delete hold operations.

      HOST - Information that is related to NetBackup host database operations.

      IRE - Isolated recovery environment configuration and state changes.

      JOB - Job changes such as cancelations or deletions

      LICENSING - track any access to information that is related to licensing

      LOGIN - The success and failure that is related to NetBackup Administration Console and NetBackup API logon attempts.

      POLICY - Modification to policy attributes, clients, schedules, or backup selections

      POOL - Disk storage pool changes

      PROTECTION_PLAN_SVC - modifications to the protection plan

      RETENTION_LEVEL - changes to the retention level

      SEC_CONFIG - Information that is related to changes that are made to the security configuration settings

      SLP - Creation, modification, or deletion of SLP attributes or windows when they are initiated through a NetBackup graphical user interface, API, or the nbstl command.

      STORAGESRV - Storage server creation, modification, or deletion. User actions on the storage server.

      STU - Storage unit creation, modification, or deletion

      TOKEN - Creating, deleting, and cleanup of tokens and specific token issuing failures

      UI_CONFIG - Information that is related to changes that are made for the NetBackup web UI.

      USER - Adding or deleting users

      CONNECTION - Information about the dropped host connections.

    • ACTION. The activity that was performed. The following actions are possible for all categories: Detailed descriptions of the specific activities that are performed for each action are found in the DESCRIPTIONS and the DETAILS fields of the command output.

    • REASON. Reason that is given for the performed action if any. If the audit reason for host and host ID-to-host name mapping operations contains more than 512 characters, the reason text is truncated to 512 characters.

    • DETAILS. Detailed information on the activity that is separated into attributes (ATTR_num), each with a descriptive name followed by OLDV/NEWV (old value/new value) pair.

      Example for a policy deletion: ATTR_1: Policy Type OLDV: Standard NEWV:

-iso_std_tfmt

Use this option to display the time in ISO 8601 and RFC 3339 formats.

-notruncate

Displays the old and new values of a changed attribute on separate lines in the details section of the report. This option is used with the -fmt DETAIL option.

-order [DTU | DUT | TDU | TUD | UDT | UTD]

Specifies the order in which the information is displayed in the parsable format of the audit report. This option can be used only with the -fmt PARSABLE option. The D, T, and U designators represent the following:

  • D - description

  • T - timestamp

  • U - user

-pagewidth NNN

Specifies the page width for the details section of the audit report. This option is used with the -fmt DETAIL option.

-sdate mm/dd/yyyy-hh:mm:ss | mm/dd-hh:mm -edate mm/dd/yyyy-hh:mm:ss | mm/dd-hh:mm

Sets the start date-time (-sdate) or the end date-time (-edate) of the audit report data that you want to view. No time indication is necessary.

If the start date is specified and the end date is not, the displayed audit data is from the specified start time to the present. If the end date is specified and the start date is not, the displayed audit data is up to the end date.

-user username[:domainname]

Indicates the name of the user for whom you want to display audit information.

EXAMPLES

Example 1 - Display all audit events that are reported from April 1, 2013 to the present.

# nbauditreport -sdate 04/01/13

USER         DESCRIPTION                                                TIMESTAMP   
Admin@entry  Schedule 'test1' was added to Policy 'test1'               04/06/13 
Admin@entry  Audit setting(s) of master server 'server1' were modified  04/06/13
Admin@entry  Audit setting(s) of master server 'server1' were modified  04/06/13 
sys@server1  The nbaudit service on master server 'server1' was started 04/06/13 
sys@server1  The nbaudit service on master server 'server1' was stopped 04/06/13 
sys@server1  The nbaudit service on master server 'server1' was started 04/06/13 

Audit records fetched: 7

Example 2 - Display a detailed audit report for when Joe modified a set of policy attributes. Because the policy was changed only one time since 6/8/13, one audit record is retrieved.

# nbauditreport -fmt DETAIL -ctgy POLICY -sdate 6/8/13

DESCRIPTION: Attributes of Policy 'pol_stugrp' were modified
USER: joe
TIMESTAMP: 06/08/2013 19:14:25
CATEGORY: POLICY
ACTION: MODIFY
DETAILS:
    ATTRIBUTE                OLD VALUE                 NEW VALUE
  1 Proxy Client
  2 Residence                                          stu_grp
  3 Collect TIR info         2                         0
  4 Checkpoint Restart       0                         1
  5 Checkpoint Interval      0                         15
  6 Data Mover Type          2                         -1
  7 Collect BMR Info         1                         0
  8 Policy Generation        1                         2

Audit records fetched: 1

The DETAILS entry shows the old value and new value of all the attributes that Joe changed.

Example 3 - Display an audit report for all hold operations that were performed since August 30, 2013.

# nbauditreport -ctgy HOLD -sdate "08/30/13 22:46:50" -fmt DETAIL 
DESCRIPTION: Hold with hold name test hold for report1 is created
USER: root@aellora.mydomain.com
TIMESTAMP: 08/30/13 22:47:56
CATEGORY: HOLD
ACTION: CREATE
REASON:
DETAILS:
    ATTRIBUTE             OLD VALUE             NEW VALUE
  1 On-hold image list                          nakul2.mydomain.co 

DESCRIPTION: Hold with hold name test hold for report1 is created
USER: root@aellora.mydomain.com
TIMESTAMP: 08/30/13 22:47:54
CATEGORY: HOLD
ACTION: CREATE
REASON: 

Audit records fetched: 2

Example 4 - Display a detailed audit report for all security operations.

# nbauditreport -ctgy SEC_CONFIG -fmt DETAIL
DESCRIPTION: Updated 'Role' 'Default VMware Administrator'
USER: secadmin@domain
TIMESTAMP: 05/02/2021 10:38:24
CATEGORY: SEC_CONFIG
ACTION: MODIFY
REASON:
DETAILS:
   ATTRIBUTE                OLD VALUE    NEW VALUE
 1 User principal                        domain:vmadmin:nt

Audit records fetched: 1
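
The following is an added example, not part of the NetBackup documentation: a Python parser for the -fmt DETAIL layout shown in Examples 2 and 4, which turns each record into a dictionary with its (attribute, old value, new value) changes and then filters by category. The sample text, the function names, and the watch list are assumptions; it assumes the default column layout (no -notruncate).

```python
import re

# Constructed sample: two records in the DETAIL layout shown in Examples 2
# and 4 of this page, standing in for `nbauditreport -fmt DETAIL` output.
SAMPLE_REPORT = """\
DESCRIPTION: Attributes of Policy 'pol_stugrp' were modified
USER: joe
TIMESTAMP: 06/08/2013 19:14:25
CATEGORY: POLICY
ACTION: MODIFY
DETAILS:
    ATTRIBUTE                OLD VALUE                 NEW VALUE
  1 Proxy Client
  2 Residence                                          stu_grp
  3 Collect TIR info         2                         0

DESCRIPTION: Updated 'Role' 'Default VMware Administrator'
USER: secadmin@domain
TIMESTAMP: 05/02/2021 10:38:24
CATEGORY: SEC_CONFIG
ACTION: MODIFY
REASON:
DETAILS:
   ATTRIBUTE                OLD VALUE    NEW VALUE
 1 User principal                        domain:vmadmin:nt

Audit records fetched: 2
"""

FIELD_RE = re.compile(r"^([A-Z_]+):\s*(.*)$")   # "KEY: value" header lines
ROW_RE = re.compile(r"^\s*\d+ ")                # numbered DETAILS rows
CELL_RE = re.compile(r"\S+(?: \S+)*")           # cell text (single spaces inside)
COLUMNS = ("ATTRIBUTE", "OLD VALUE", "NEW VALUE")

# Hypothetical watch list built from category names documented on this page.
WATCHED = {"SEC_CONFIG", "AUDITCFG", "AUDITSVC", "AZFAILURE", "LOGIN", "TOKEN"}

def parse_detail_report(text):
    """Return one dict per audit record; 'changes' holds (attr, old, new)."""
    records, rec, starts = [], {"changes": []}, None  # first rec is a discard
    for line in text.splitlines():
        field, row = FIELD_RE.match(line), ROW_RE.match(line)
        if field and field.group(1) == "DESCRIPTION":
            rec, starts = {"DESCRIPTION": field.group(2), "changes": []}, None
            records.append(rec)
        elif field and field.group(1) != "DETAILS":
            rec[field.group(1)] = field.group(2)
        elif all(c in line for c in COLUMNS):
            starts = [line.index(c) for c in COLUMNS]   # column offsets
        elif starts and row:
            cells = ["", "", ""]
            for cell in CELL_RE.finditer(line, row.end()):
                # Nearest header column wins, so an empty OLD VALUE stays empty.
                col = min(range(3), key=lambda i: abs(starts[i] - cell.start()))
                cells[col] = cell.group()
            rec["changes"].append(tuple(cells))
    return records

def flag_watched(records, watched=WATCHED):
    """Keep only records whose CATEGORY is on the watch list."""
    return [r for r in records if r.get("CATEGORY") in watched]

if __name__ == "__main__":
    for r in flag_watched(parse_detail_report(SAMPLE_REPORT)):
        print(r["TIMESTAMP"], r["USER"], r["CATEGORY"], r["ACTION"], r["changes"])
```

For machine processing, -fmt PARSABLE is the format the page documents for this purpose; the DETAIL parser above is useful when only a saved DETAIL report is available.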