You can use the audit-sum tool to count the write, read, head, and delete audit messages and to see the minimum, maximum, and average time (or size) for each operation type.
The audit-sum tool, available on the primary Admin Node, summarizes how many write, read, and delete operations were logged and how long these operations took.
This example shows typical output from the audit-sum tool. This example shows how long protocol operations took.
message group count min(sec) max(sec) average(sec) ============= ===== ======== ======== ============ IDEL 274 SDEL 213371 0.004 20.934 0.352 SGET 201906 0.010 1740.290 1.132 SHEA 22716 0.005 2.349 0.272 SPUT 1771398 0.011 1770.563 0.487
Code | Description | Refer to |
---|---|---|
ARCT | Archive Retrieve from Cloud-Tier | ARCT: Archive Retrieve from Cloud-Tier |
ASCT | Archive Store Cloud-Tier | ASCT: Archive Store Cloud-Tier |
IDEL | ILM Initiated Delete: Logs when ILM starts the process of deleting an object. | IDEL: ILM Initiated Delete |
SDEL | S3 DELETE: Logs a successful transaction to delete an object or bucket. | SDEL: S3 DELETE |
SGET | S3 GET: Logs a successful transaction to retrieve an object or list the objects in a bucket. | SGET: S3 GET |
SHEA | S3 HEAD: Logs a successful transaction to check for the existence of an object or bucket. | SHEA: S3 HEAD |
SPUT | S3 PUT: Logs a successful transaction to create a new object or bucket. | SPUT: S3 PUT |
WDEL | Swift DELETE: Logs a successful transaction to delete an object or container. | WDEL: Swift DELETE |
WGET | Swift GET: Logs a successful transaction to retrieve an object or list the objects in a container. | WGET: Swift GET |
WHEA | Swift HEAD: Logs a successful transaction to check for the existence of an object or container. | WHEA: Swift HEAD |
WPUT | Swift PUT: Logs a successful transaction to create a new object or container. | WPUT: Swift PUT |
The audit-sum tool can process plain or compressed audit logs. For example:
audit-sum audit.log
audit-sum 2019-08-12.txt.gz
audit-sum audit.log 2019-08-12.txt.gz 2019-08-13.txt.gz
audit-sum /var/local/audit/export/*
grep WGET audit.log | audit-sum
grep bucket1 audit.log | audit-sum
grep SPUT audit.log | grep bucket1 | audit-sum
audit-sum audit.log.gz
zcat audit.log.gz | audit-sum
You can use command-line options to summarize operations on buckets separately from operations on objects or to group message summaries by bucket name, by time period, or by target type. By default, the summaries show the minimum, maximum, and average operation time, but you can use the size (-s) option to look at object size instead.
$ audit-sum -h