Auditing

Contributors netapp-alavoie Download PDF of this page

To identify changes both expected (for tracking) or unexpected (for troubleshooting), you can view an audit trail of the Cloud Insights system events and user activities.

Viewing Audited Events

To View the Audit page, click Admin > Audit in the menu. The Audit page is displayed, providing the following details for each audit entry:

  • Time - Date and time of the event or activity

  • User - The User who initiated the activity

  • Role - The user’s role in Cloud Insights (guest, user, administrator)

  • IP - The IP address associated with the event

  • Action - Type of activity, for example Login, Create, Update

  • Category - The category of activity

  • Details - Details of the activity

Displaying audit entries

There are a number of different ways to view audit entries:

  • You can display audit entries by choosing a particular time period (1 hour, 24 hours, 3 days, etc.).

  • You can change the sort order of entries to either ascending (up arrow) or descending (down arrow) by clicking the arrow in the column header.

    By default, the table displays the entries in descending time order.

  • You can use the filter fields to show only the entries you want in the table. Click the [+] button to add additional filters.

    Audit Filters

More on Filtering

You can use any of the following to refine your filter:

Filter

What it does

Example

Result

* (Asterisk)

enables you to search for everything

vol*rhel

returns all resources that start with "vol" and end with "rhel"

? (question mark)

enables you to search for a specific number of characters

BOS-PRD??-S12

returns BOS-PRD12-S12, BOS-PRD23-S12, and so on

OR

enables you to specify multiple entities

FAS2240 OR CX600 OR FAS3270

returns any of FAS2440, CX600, or FAS3270

NOT

allows you to exclude text from the search results

NOT EMC*

returns everything that does not start with "EMC"

None

searches for blank/NULL/None in any field where selected

None

returns results where the target field is not empty

Not *

as with None above, but you can also use this form to search for NULL values in text-only fields

Not *

returns results where the target field is not empty.

""

searches for an exact match

"NetApp*"

returns results containing the exact literal string NetApp*

If you enclose a filter string in double quotes, Insight treats everything between the first and last quote as an exact match. Any special characters or operators inside the quotes will be treated as literals. For example, filtering for "*" will return results that are a literal asterisk; the asterisk will not be treated as a wildcard in this case. The operators OR and NOT will also be treated as literal strings when enclosed in double quotes.

Audited Events and Actions

The events and actions audited by Cloud insights can be categorized in the following broad areas:

  • User account: Log in, log out, role change, etc.

    Example: User Tony Lavoie logged in from 10.1.120.15, user agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36, login method(s) Cloud Central Portal Login

  • Acquisition Unit: create, delete, etc.

    Example: Acquisition unit AU-Boston-1 removed.

  • Data Collector: add, remove, modify, postpone/resume, change acquisition unit, start/stop, etc.

    Example: Datasource FlexPod Lab removed, vendor NetApp, model ONTAP Data Management Software, ip 192.168.106.5.

  • Application: add, assign to object, remove, etc.

    Example: Internal Volume ocisedev:t1appSVM01:t1appFlexVol01 added to application Test App.

  • Annotation: add, assign, remove, annotation rule actions, annotation value changes, etc.

    Example: Annotation value Boston added to annotation type SalesOffice.

  • Query: add, remove, etc.

    Example: Query TL Sales Query is added.

  • Monitor: add, remove, etc.

    Example: Monitor Aggr Size - CI Alerts Notifications Dev updated

  • Notification: change email, etc.

    Example: Recipient ci-alerts-notifications-dl created

Exporting Audit Events

You can export the results of your Audit display to a .CSV file, which will allow you to analyze the data or import it into another application.

Steps
  1. On the Audit page, set the desired time range and any filters you want. Cloud Insights will export only the Audit entries that match the filtering and time range you have set.

  2. Click the Export button Export Button in the upper right of the table.

The displayed Audit events will be exported to a .CSV file, up to a maximum of 10,000 rows.