You can use the audit-explain tool to translate the audit messages in the audit log into an easy-to-read format.
The audit-explain tool, available on the primary Admin Node, provides simplified summaries of the audit messages in an audit log.
bucket1and add three objects to that bucket.
SPUT S3 PUT bucket bucket1 account:92484777680322627870 usec:124673 SPUT S3 PUT object bucket1/part1.txt tenant:92484777680322627870 cbid:9DCB157394F99FE5 usec:101485 SPUT S3 PUT object bucket1/part2.txt tenant:92484777680322627870 cbid:3CFBB07AB3D32CA9 usec:102804 SPUT S3 PUT object bucket1/part3.txt tenant:92484777680322627870 cbid:5373D73831ECC743 usec:93874
The audit-explain tool can process plain or compressed audit logs. For example:
audit-explain audit.log
audit-explain 2019-08-12.txt.gz
The audit-explain tool can also process multiple files at once. For example:
audit-explain audit.log 2019-08-12.txt.gz 2019-08-13.txt.gz
audit-explain /var/local/audit/export/*
Finally, the audit-explain tool can accept input from a pipe, which allows you to filter and preprocess the input using the grep command or other means. For example:
grep SPUT audit.log | audit-explain
grep bucket-name audit.log | audit-explain
zcat audit.log.gz | audit-explain
Use the help (-h) option to see the available options. For example:
$ audit-explain -h