Accessing and reviewing audit logs

Audit messages are generated by StorageGRID Webscale services and stored in text log files. API-specific audit messages in the audit logs provide critical security, operation, and performance monitoring data that can help you evaluate the health of your system.

Before you begin

About this task

The active audit log file is named audit.log, and it is stored on Admin Nodes.

Once a day, the active audit.log file is saved, and a new audit.log file is started. The name of the saved file indicates when it was saved, in the format yyyy-mm-dd.txt.

After a day, the saved file is compressed and renamed, in the format yyyy-mm-dd.txt.gz, which preserves the original date.

This example shows the active audit.log file, the previous day's file (2018-04-15.txt), and the compressed file for the prior day (2018-04-14.txt.gz).

audit.log
2018-04-15.txt
2018-04-14.txt.gz

Steps

  1. Log in to an Admin Node:
    1. Enter the following command: ssh admin@Admin_Node_IP
    2. Enter the password listed in the Passwords.txt file.
    3. Enter the following command to switch to root: su -
    4. Enter the password listed in the Passwords.txt file.
      When you are logged in as root, the prompt changes from $ to #.
  2. Go to the directory containing the audit log files: cd /var/local/audit/export
  3. View the current or a saved audit log file, as required.
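
For step 3, reviewing more than one day means reading three file forms (the compressed yyyy-mm-dd.txt.gz files, the saved yyyy-mm-dd.txt file, and the active audit.log) in the right order. The following is an added example, not part of the StorageGRID Webscale documentation or tooling: the function names audit_files and audit_stream are hypothetical, and it relies only on the file naming described above.

```shell
#!/bin/sh
# Added example (not StorageGRID tooling): read audit logs in chronological
# order across the three file forms described on this page.

# audit_files DIR [FROM] [TO]
# Print saved audit files, oldest first, whose file-name date (the day the
# file was saved) lies in FROM..TO inclusive. Dates are yyyy-mm-dd, so a
# plain string comparison orders them correctly.
audit_files() {
    dir=$1; from=${2:-0000-00-00}; to=${3:-9999-99-99}
    for f in "$dir"/????-??-??.txt "$dir"/????-??-??.txt.gz; do
        [ -f "$f" ] || continue          # an unmatched glob stays literal
        name=${f##*/}
        printf '%s %s\n' "${name%%.*}" "$f"
    done |
        awk -v from="$from" -v to="$to" '$1 >= from && $1 <= to' |
        sort | cut -d' ' -f2-
}

# audit_stream DIR [FROM] [TO]
# Write the selected files to stdout as one stream, decompressing .gz files.
# The active audit.log is appended last, but only when no TO bound is given,
# because it always holds the newest messages.
audit_stream() {
    audit_files "$@" | while IFS= read -r f; do
        case $f in
            *.gz) gzip -dc -- "$f" ;;
            *)    cat -- "$f" ;;
        esac
    done
    if [ -z "${3:-}" ] && [ -f "$1/audit.log" ]; then
        cat -- "$1/audit.log"
    fi
}

# Usage on an Admin Node, with the directory from step 2:
#   audit_stream /var/local/audit/export 2018-04-14 | less
```

Because the output is a single ordered stream, one search or pager session covers the compressed, saved, and active files without decompressing anything in place.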