# Export audit logs Audit logs can be exported only from the online database using the shell `audit.sh` (`/bin`). The command connects to the Ceman node where this command is located. After launching the `audit.sh` script, you must provide the following parameters: * **Username and password** of the user executing the export. * **Output file name** to be assigned to the generated file. 🚀 The exported file is automatically compressed and you must set the appropriate extension for the exported file name: * `.csv.gz` in Unix platforms * `.csv.zip` for Windows platforms * **Start date and end date** that define the export range.\ The script supports **two formats** for both the `from-date` and `to-date` parameters: * yyyy-MM-dd * yyyy-MM-ddTHH:mm:ss (includes hours, minutes, and seconds for greater precision) For example: ``` ./audit.sh -u superuser -P export -o ./test.csv.gz --from-date 2026-04-02T07:00:00 --to-date 2026-04-02T08:59:59 ``` In this example, the audit logs are exported from **April 2, 2026 at 07:00:00** to **April 2, 2026 at 08:59:59** and saved to `test.csv.gz`. A maximum of 100,000 records are exported in the configured interval. To ensure the authenticity and integrity of records, and confirm that they have not been tampered with, HMAC (Hash-based Message Authentication Code) is used. For each record, the HMAC is calculated by concatenating the record's information with the HMAC of a previous record. Each HMAC is recalculated every five minutes.\ The concatenated HMAC of all the lines of the file is shown at the end of the exported file: ``` "","","","","","","","","","","","","","", "1bf72381954476ccde426945e9ca98c432ab06dacc9c2965ea79040b6596f572" ``` The `-o` parameter for the file output is present only when executing the `export` command. The `verify -i` parameter can be used to check whether the audit logs have been tampered with. Use `-i` to specify the input file that must be verified. In the following example, the `list.csv` file is verified: `./audit.sh -u superuser -P verify -i ./list.csv` The `verify` parameter will print a message that can belong to three categories: 1. **The file is ok, there are no lines in error** ``` ###################################### CHECK FILE: THE FILE IS OK HMAC: 885d5e3c1c421073794fe8a781b87a3182cf4aa4dedc0d87720663157491d8c5 ###################################### ``` 2. **The file is ok, but there are lines in error**\ This occurs when the file is intact, but the corresponding content in the database is not. ``` ###################################### CHECK FILE: THE FILE IS OK HMAC: be348c541a9a621b8c5b292801433ff2324192e5e88afd50f561e21fd8a3d563 ###################################### LINES WITH ERROR: "2025-02-26 12:21:44.593","Ceman Audit","AUD0007A","a9aca5af-3a63-47bc-98a8-704c77df7cd8","User 'ghibli-superuser' has logged in","CEMAN","10.120.1.1","ghibli-superuser","LOGIN","CEMAN","10.120.1.1","CEMAN","8af881e59541f6f4019541fdc3920015","HMAC ERROR-AUD-E01" "2025-02-26 12:21:47.005","Ceman Audit","AUD0007A","2df8dac7-4c42-4784-a63f-f7a5b2b32826","User 'ghibli-superuser' has logged in","CEMAN","10.120.1.1","ghibli-superuser","LOGIN","CEMAN","10.120.1.1","CEMAN","8af881e59541f6f4019541fdccff0018","HMAC ERROR - PREVIOUS RECORD NOT FOUND-AUD-E02" ###################################### ``` Look for these entries, indicating that the file is not intact in the database: * **HMAC ERROR-AUD-E01**: this indicates that the HMAC has been tampered with in the database. * **HMAC ERROR - PREVIOUS RECORD NOT FOUND-AUD-E02**: this indicates that the line was deleted from the database. 3. **The file has been tampered with** The HMAC of the file is given for reference. ``` ###################################### CHECK FILE: THE FILE IS TAMPERED HMAC: da9fc54bf809cada462b0ad432815d6e5fcfaf03076dfabb126d15884dff1b22 ###################################### ``` **The Audit Exporter CLI** ``` default@ceman:/ceman/bin$ ./audit.sh Usage: audit [-hLV] [-C=] [-R=] -u= (-p= | -P) [COMMAND] Audit Exporter CLI -C, --connect-timeout-seconds= Connect timeout seconds (default if not specified: `300`) -h, --help Show this help message and exit. -L, --enable-console-log Enable console log -p, --password-file= Single-line file containing the password in clear text -P, --password Interactive password, prompted on console if not specified -R, --read-timeout-seconds= Read timeout seconds (default if not specified: `420`) -u, --username= Username -V, --version Print version information and exit. Commands: help Displays help information about the specified command export Export Audit (use "help export" to display help information) verify Export Verify (use "help verify" to display help information) ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.primeur.com/data-mover-1.20/logs-and-audit/audit-options/export-audit-logs.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.