Skip to main content
BlueXP classification

Audit the history of BlueXP classification actions

Contributors netapp-tonacki amgrissino netapp-bcammett

BlueXP classification logs management activities that have been performed on files from all the working environments and data sources that BlueXP classification is scanning. BlueXP classification also logs the activities when deploying the BlueXP classification instance.

You can view the contents of the BlueXP classification audit log files, or download them, to see what file changes have occurred, and when. For example, you can see what request was issued, the time of the request, and details such as source location in case a file was deleted, or source and destination location in case a file was moved.

NOTE This information is relevant only for BlueXP classification legacy versions 1.30 and earlier.

Log file contents

Each line in the audit log contains information in this format:

<full date> | <status> | ds_audit_logger | <module> | 0 | 0 | File <full file path> deleted from device <device path> - <result>

  • Date and time - full timestamp for the event

  • Status - INFO, WARNING

  • Action type (delete, copy, move, create policy, update policy, rescan files, download JSON report, etc.)

  • File name (if the action is relevant to a file)

  • Details for the action - what was done: depends on the action

    • Policy name

    • For move - Source and destination

    • For copy - Source and destination

    • For tag - tag name

    • For assign to - user name

    • For email alert - email address / account

For example, the following lines from the log file show a successful copy operation and a failed copy operation.

2022-06-06 15:23:08,910 | INFO | ds_audit_logger | es_scanned_file | 237 | 49 | Copy file /CIFS_share/data/dop1/random_positives.tsv from device 10.31.133.183 (type: SMB_SHARE) to device 10.31.130.133:/export_reports (NFS_SHARE) - SUCCESS
2022-06-06 15:23:08,968 | WARNING | ds_audit_logger | es_scanned_file | 239 | 153 | Copy file /CIFS_share/data/compliance-netapp.tar.gz from device 10.31.133.183 (type: SMB_SHARE) to device 10.31.130.133:/export_reports (NFS_SHARE) - FAILURE

Log file locations

The management audit log files are located on the BlueXP classification machine in: /opt/netapp/audit_logs/

The installation audit log files are written to /opt/netapp/install_logs/

Each log file can be a maximum of 10 MB in size. When that limit is reached, a new log file is started. The log files are named "DataSense_audit.log", "DataSense_audit.log.1", "DataSense_audit.log.2", and so on. A maximum of 100 log files are retained on the system - older log files are deleted automatically after the maximum has been reached.

Access the log files

You'll need to log into the BlueXP classification system to access the log files. See how to log in to the BlueXP classification system depending on whether you manually installed the software on a Linux machine or if you deployed the instance in the cloud.