Skip to main content

Accessing and reviewing audit logs

Contributors netapp-lhalbert

Audit messages are generated by StorageGRID services and stored in text log files. API-specific audit messages in the audit logs provide critical security, operation, and performance monitoring data that can help you evaluate the health of your system.

What you'll need
  • You must have specific access permissions.

  • You must have the Passwords.txt file.

  • You must know the IP address of an Admin Node.

About this task

The active audit log file is named audit.log, and it is stored on Admin Nodes.

Once a day, the active audit.log file is saved, and a new audit.log file is started. The name of the saved file indicates when it was saved, in the format yyyy-mm-dd.txt.

After a day, the saved file is compressed and renamed, in the format yyyy-mm-dd.txt.gz, which preserves the original date.

This example shows the active audit.log file, the previous day's file (2018-04-15.txt), and the compressed file for the prior day (2018-04-14.txt.gz).

audit.log
2018-04-15.txt
2018-04-14.txt.gz
Steps
  1. Log in to an Admin Node:

    1. Enter the following command:
      ssh admin@primary_Admin_Node_IP

    2. Enter the password listed in the Passwords.txt file.

  2. Go to the directory containing the audit log files:

    cd /var/local/audit/export

  3. View the current or a saved audit log file, as required.