Accessing and reviewing audit logs

Audit messages are generated by StorageGRID services and stored in text log files. API-specific audit messages in the audit logs provide critical security, operation, and performance monitoring data that can help you evaluate the health of your system.

Before you begin

About this task

The active audit log file is named audit.log, and it is stored on Admin Nodes.

Once a day, the active audit.log file is saved, and a new audit.log file is started. The name of the saved file indicates when it was saved, in the format yyyy-mm-dd.txt.

After a day, the saved file is compressed and renamed, in the format yyyy-mm-dd.txt.gz, which preserves the original date.

This example shows the active audit.log file, the previous day's file (2018-04-15.txt), and the compressed file for the prior day (2018-04-14.txt.gz).



  1. Log in to an Admin Node:
    1. Enter the following command: ssh admin@primary_Admin_Node_IP
    2. Enter the password listed in the Passwords.txt file.
  2. Go to the directory containing the audit log files: cd /var/local/audit/export
  3. View the current or a saved audit log file, as required.