Copying audit logs from the failed primary Admin Node

If you are able to copy audit logs from the failed primary Admin Node, you should preserve them to maintain the grid's record of system activity and usage. You can restore the preserved audit logs to the recovery primary Admin Node after it is up and running.

About this task

This procedure copies the audit log files from the failed Admin Node to a temporary location on a separate grid node. These preserved audit logs can then be copied to the replacement Admin Node. Audit logs are not automatically copied to the new Admin Node.

Depending on the type of failure, you might not be able to copy audit logs from a failed Admin Node. If the deployment has only one Admin Node, the recovered Admin Node starts recording events to the audit log in a new empty file and previously recorded data is lost. If the deployment includes more than one Admin Node, you can recover the audit logs from another Admin Node.

Note: If the audit logs are not accessible on the failed Admin Node now, you might be able to access them later, for example, after host recovery.

Steps

  1. From the service laptop, log in to the failed Admin Node if possible. Otherwise, log in to the primary Admin Node or another Admin Node, if available.
    1. Enter the following command: ssh admin@grid-node_IP
    2. Enter the password listed in the Passwords.txt file.
    3. Enter the following command to switch to root: su -
    4. Enter the password listed in the Passwords.txt file.
      When you are logged in as root, the prompt changes from $ to #.
  2. Stop the AMS service to prevent it from creating a new log file: service ams stop
  3. Rename the audit.log file so that it does not overwrite the file on the recovered Admin Node when you copy it to the recovered Admin Node.
    Rename audit.log to a unique numbered file name such as yyyy-mm-dd.txt.1. For example, you can rename the audit.log file to 2015-10-25.txt.1:
      cd /var/local/audit/export
      ls -l
      mv audit.log 2015-10-25.txt.1
  4. Restart the AMS service: service ams start
  5. Create the directory to copy all audit log files to a temporary location on a separate grid node: ssh admin@grid_node_IP mkdir -p /var/local/tmp/saved-audit-logs
    When prompted, enter the password for admin.
  6. Copy all audit log files: scp -p * admin@grid_node_IP:/var/local/tmp/saved-audit-logs
    When prompted, enter the password for admin.
  7. Log out as root: exit
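
The following is an added example, not part of the original procedure or the vendor's tooling: shell helpers that confirm audit.log was renamed (step 3) and that the files copied in step 6 arrived unchanged, by comparing SHA-256 digests. The function names and the manifest file are hypothetical, and the example assumes sha256sum is installed on both nodes.

```shell
#!/bin/sh
# Added example (not vendor code). Assumes sha256sum exists on both nodes.
# Function names and the manifest path are hypothetical.

# preflight DIR
# Fail if the active file name audit.log is still present in DIR, because
# copying it later would overwrite the recovered Admin Node's live log.
preflight() {
    if [ -e "$1/audit.log" ]; then
        echo "audit.log has not been renamed in $1" >&2
        return 1
    fi
}

# write_manifest DIR MANIFEST
# Record a SHA-256 digest for every regular file in DIR (non-recursive).
# Keep MANIFEST outside DIR so that it does not hash itself.
write_manifest() {
    ( cd "$1" || exit 1
      for f in *; do
          if [ -f "$f" ]; then sha256sum -- "$f"; fi
      done ) > "$2"
    [ -s "$2" ]   # an empty manifest means nothing was found to preserve
}

# verify_manifest DIR MANIFEST
# Succeed only if every file listed in MANIFEST exists in DIR with an
# identical digest. MANIFEST must be an absolute path.
verify_manifest() {
    ( cd "$1" && sha256sum -c "$2" )
}

# Intended use (paths other than the two directories are placeholders):
#   on the failed Admin Node, after step 3:
#     preflight /var/local/audit/export
#     write_manifest /var/local/audit/export /tmp/audit-manifest.sha256
#   copy the manifest to the separate grid node, then after step 6:
#     verify_manifest /var/local/tmp/saved-audit-logs /tmp/audit-manifest.sha256
```

Run the same verification again after the files are copied to the recovered Admin Node, so that a missing or altered file is caught before the temporary copy is deleted.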