Auditing system and user activities

If you want to locate unexpected changes, you can view an audit trail of the OnCommand Insight system and its user activities. Audit log messages can optionally be sent to syslog in addition to being displayed on the Audit page.

About this task

Insight generates audit entries for any user activities that affect the storage network or its management, including the following:


  1. Open Insight in your browser.
  2. Click Admin and select Audit.
    The Audit page displays the audit entries in a table.
  3. You can view the following details in the table:
    Date and time that the changes were made
    Name of user associated with the audit entry
    User account's role, which is guest, user, or administrator
    IP address associated with the audit entry
    Type of activity in the audit entry
    Details of the audit entry
    If there is a user activity that affects a resource, such as a data source or an application, the details include a link to the resource's landing page.
    Note: When a data source is deleted, the user activity details related to the data source no longer contain a link to the data source's landing page.
  4. You can display audit entries by choosing a particular time period (1 hour, 3 hours, 24 hours, 3 days, and 7 days), with Insight showing a maximum number of 1000 violations for the selected time period.
    You can click a page number below the table to browse through data by page if there is more data than fits on a single page.
  5. You change the sort order of the columns in a table to either ascending (up arrow) or descending (down arrow) by clicking the arrow in the column header; to return to the default sort order, click any other column header.
    By default, the table displays the entries in descending order.
  6. You can use the filter box to show only the entries you want in the table.
    To see only the audit entries by the user izzyk, type izzyk in the filter box.