Changing audit message levels

You can adjust audit levels to increase or decrease the number of audit messages recorded in the audit log for each audit message category.

Before you begin

About this task

The audit messages recorded in the audit log are filtered based on the settings on the Configuration > Audit page.

You can set a different audit level for each of the following categories of messages:
  • System: By default, this level is set to Normal.
  • Storage: By default, this level is set to Error.
  • Management: By default, this level is set to Normal.
  • Client Reads: By default, this level is set to Normal.
  • Client Writes: By default, this level is set to Normal.
Note: For new installations starting at 10.3 and beyond, the above defaults are in effect. For upgrades of systems implemented prior to 10.3, the default for all categories is set to Normal.
Note: During upgrades, audit level configurations will not be effective immediately.

Steps

  1. Select Configuration > Audit.

    screen shot of Configuration > Audit
  2. For each category of audit message, select an audit level from the drop-down list:
    Audit level Description
    Off No audit messages from the category are logged.
    Error Only error messages are logged—audit messages for which the result code was not "successful" (SUCS).
    Normal Standard transactional messages are logged—the messages listed in this guide for the category.
    Debug Deprecated. This level behaves the same as the Normal audit level.

    The messages included for any particular level include those that would be logged at the higher levels. For example, the Normal level includes all of the Error messages.

  3. Under Audit Protocol Headers, enter the name of the HTTP request headers to be included in Client Read and Client Write audit messages. Use an asterisk (*) as a wildcard, or use the escape sequence (\*) as a literal asterisk. Click the plus sign to create a list of header name fields.
    Note: Audit protocol headers apply to S3 and Swift requests only.
    When such HTTP headers are found in a request, they are included in the audit message under the field HTRH.
    Note: Audit protocol request headers are logged only if the audit level for Client Reads or Client Writes is not Off.
  4. Click Save.