Copying audit logs

When you add a new Admin Node through an expansion procedure, its AMS service only logs events and actions that occur after it joins the system. You can copy audit logs from a previously installed Admin Node to the new expansion Admin Node so that it is in sync with the rest of the StorageGRID Webscale system.

Before you begin

About this task

To make the historical audit messages from other Admin Nodes available on the expansion Admin Node, you must copy the audit log files manually from the primary Admin Node, or another existing Admin Node, to the expansion Admin Node.

Steps

  1. From the service laptop, log in to the primary Admin Node:
    1. Enter the following command: ssh admin@primary_Admin_Node_IP
    2. Enter the password listed in the Passwords.txt file.
    3. Enter the following command to switch to root: su -
    4. Enter the password listed in the Passwords.txt file.
      When you are logged in as root, the prompt changes from $ to #.
  2. Stop the AMS service to prevent it from creating a new file: /etc/init.d/ams stop
  3. Rename the audit.log file to ensure that it does not overwrite the file on the expansion Admin Node you are copying it to: cd /var/local/audit/exportls -l mv audit.log new_name.txt
  4. Copy all audit log files to the expansion Admin Node: scp -p * IP_address:/var/local/audit/export
  5. If prompted for the passphrase for /root/.ssh/id_rsa, enter the SSH Access Password for the Primary Admin Node listed in the Passwords.txt file.
  6. Restore the original audit.log file: mv new_name.txt audit.log
  7. Start the AMS service: /etc/init.d/ams start
  8. Log out from the server: exit
  9. From the service laptop, log in to the expansion Admin Node:
    1. Enter the following command: ssh admin@expansion_Admin_Node_IP
    2. Enter the password listed in the Passwords.txt file.
    3. Enter the following command to switch to root: su -
    4. Enter the password listed in the Passwords.txt file.
      When you are logged in as root, the prompt changes from $ to #.
  10. Update the user and group settings for the audit log files: cd /var/local/audit/exportchown ams-user:bycast *
  11. Log out from the server: exit