View the Archived Audit Data

Use the activid_decrypt_archive.sh script (in the Utilities/Decrypt-Archive folder on the ActivID Appliance Companion delivery disk) to extract and view the audit archive file:

  1. Copy the Audit_Myhost_MyDOMAIN_20240812-000011.tar from your remote folder to the machine hosting the ActivID Appliance Companion delivery disk contents.

  2. Run the <companion disk home>/Utilities/Decrypt-Archive/activid_decrypt_archive.sh script using the following command:

    activid_decrypt_archive.sh -i "<archived audit file>" -o <output dir> -p <password>
  3. Where:

    Parameter   Description

    -i          .tar file generated by ActivID Appliance.

    -o          Output folder. The script does not create this folder, so the path must be a correct path to an existing folder.

    -p          Password used to generate the .tar archive.

    For example:

    activid_decrypt_archive.sh -i "/home/archivedaudit/Audit_Myhost_MyDOMAIN_20240812-000011.tar" -o /home/archivedaudits -p <your archive file password>

    The Audit_Myhost_MyDOMAIN_OBF_20240812-000011.csv file is created in the output folder.

    Note: If there are no audit events to archive for a domain, you do not need to decrypt the archive as it only contains a readme.
  4. Open and view the Audit_Myhost_MyDOMAIN_OBF_20240812-000011.csv file with a spreadsheet program (for example, Microsoft® Excel).

Note: If you use Microsoft Excel to view the audit data, you can derive the date of the timestamp by converting the number of seconds using conversion tools such as https://www.epochconverter.com/
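
The timestamp conversion described in the note above can also be done locally on the decrypted CSV. The following is an added example, not part of the ActivID documentation or tooling: it appends a readable UTC column to the export. The column name TIMESTAMP, the comma delimiter and the sample rows are assumptions, because the layout of the real export is not shown on this page.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample rows. The header names are assumptions; substitute the
# real header of the decrypted Audit_..._OBF_....csv file.
SAMPLE_CSV = """TIMESTAMP,EVENT,USER
1723420811,LOGIN_OK,alice
1723420899,LOGIN_FAIL,bob
,READ,carol
not-a-number,READ,dave
"""


def epoch_to_utc(value):
    """Convert a string of epoch seconds to ISO 8601 UTC.

    Returns an empty string for blank or non-numeric cells so that one
    malformed row does not abort the whole conversion.
    """
    value = (value or "").strip()
    if not value.isdigit():
        return ""
    moment = datetime.fromtimestamp(int(value), tz=timezone.utc)
    return moment.strftime("%Y-%m-%dT%H:%M:%SZ")


def add_utc_column(csv_text, ts_column="TIMESTAMP", delimiter=","):
    """Return the CSV text with an extra <ts_column>_UTC column appended."""
    reader = csv.DictReader(io.StringIO(csv_text), delimiter=delimiter)
    fields = list(reader.fieldnames or [])
    if ts_column not in fields:
        raise KeyError(f"column {ts_column!r} not found in header {fields}")
    utc_column = ts_column + "_UTC"
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fields + [utc_column],
                            delimiter=delimiter, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        row[utc_column] = epoch_to_utc(row[ts_column])
        writer.writerow(row)
    return out.getvalue()


if __name__ == "__main__":
    print(add_utc_column(SAMPLE_CSV), end="")
```

To run it on a real export, read the decrypted file into a string and pass it to add_utc_column with the actual timestamp column name.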