Client Recorder Extension commands

When you have created a Client Recorder Extension configuration, you can control the Client Recorder Extension by issuing commands.

To understand how to apply Client Recorder Extension commands, refer to any “Recorder” packages installed alongside the Client Recorder Extension. These packages demonstrate how to provide commands. For example ‘Recorder - Clear Subscriptions [Windows]’ demonstrates the use of the recorder command ‘recorder.uninstall’.

recorder.register-subscription

Adds a subscription to the Client Recorder Extension. To update or change a subscription, issue this command with updated configuration information and use the same name and domain. The name and domain are configured by using the FileInfoProviderName and FileInfoProviderDomain configuration settings.

recorder.get-subscription

Returns the subscription the product registered.

recorder.remove-subscription

Removes subscriptions added by recorder.register-subscription. When the last subscription is removed, uninstall is called, which removes all audit rules.

recorder.query

Constructs a SQL command and runs it against the recorder database.

recorder.snapshot

Backs up the recorder database to a directory.

recorder.uninstall

Ensures that the event sources are disabled, audit rules are removed properly, and all subscriptions are removed. This has the effect of returning the system to its initial install state. The exception is when the auditing system is in immutable mode: in that case, the system returns to its initial state on system reboot.

recorder.enable-capture

Enables the capture of events to support the replay of data from event sources. Captures data to extensions\recorder\stage2.bin. Disabled by default.

recorder.disable-capture

Disables the capture of events.

recorder.reset-resource-monitor

Resets the resource monitor in the event that the recorder was stopped because of a health check. If the recorder is stopped because of a health check, the following message is returned: Subscriptions suspended due to resource monitoring exceeded.

recorder.reset-db

On next reboot the recorder database is deleted and re-created.

recorder.register-system-excludes

Enables the filtering of file paths from Linux audit daemon (auditd) logging.

recorder.remove-system-excludes

Disables the filtering of file paths from Linux audit daemon (auditd) logging.

recorder.get-system-excludes

Returns an enumeration of all system exclusions.

Last updated: 9/10/2020 10:36 AM