Display audit log contents in ONTAP
You can display the contents of the cluster's /mroot/etc/log/mlog/audit.log
files by using the ONTAP CLI, System Manager, or a web browser.
The cluster's log file entries include the following:

- Time: The log entry timestamp.
- Application: The application used to connect to the cluster. Examples of possible values are internal, console, ssh, http, ontapi, snmp, rsh, telnet, and service-processor.
- User: The username of the remote user.
- State: The current state of the audit request, which could be success, pending, or error.
- Message: An optional field that might contain error or additional information about the status of a command.
- Session ID: The session ID on which the request is received. Each SSH session is assigned a session ID, while each HTTP, ONTAPI, or SNMP request is assigned a unique session ID.
- Storage VM: The SVM through which the user connected.
- Scope: Displays svm when the request is on a data storage VM; otherwise displays cluster.
- Command ID: The ID for each command received on a CLI session. This enables you to correlate a request and response. ZAPI, HTTP, and SNMP requests do not have command IDs.

You can display the cluster's log entries from the ONTAP CLI, from a web browser, and beginning with ONTAP 9.11.1, from System Manager.
- To display the inventory, select Events & Jobs > Audit Logs.
  Each column has controls to filter, sort, search, show, and inventory categories. The inventory details can be downloaded as an Excel workbook.
- To set filters, click the Filter button on the upper right side, then select the desired fields.
  You can also view all the commands executed in the session in which a failure occurred by clicking on the Session ID link.
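
The Session ID pivot and the Command ID correlation described above can also be run offline over exported entries. The following is an added example, not NetApp code: it assumes a CSV whose column names follow the field list on this page, plus a hypothetical Input column for the command text, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows, not real ONTAP output. Column names follow the
# field list on this page; "Input" is a hypothetical column for command text.
SAMPLE_CSV = """Time,Application,User,State,Message,Session ID,Storage VM,Scope,Command ID,Input
2024-05-01T10:00:01,ssh,admin,pending,,s-100,cluster1,cluster,c-1,volume show
2024-05-01T10:00:02,ssh,admin,success,,s-100,cluster1,cluster,c-1,volume show
2024-05-01T10:00:05,ssh,admin,pending,,s-100,cluster1,cluster,c-2,volume delete -vserver vs1 -volume v1
2024-05-01T10:00:06,ssh,admin,error,Volume is online,s-100,cluster1,cluster,c-2,volume delete -vserver vs1 -volume v1
2024-05-01T10:01:00,ssh,ops,pending,,s-200,vs1,svm,c-1,snapshot create
2024-05-01T10:02:00,http,monitor,success,,s-300,cluster1,cluster,,GET /api/cluster
"""

def load_rows(text):
    """Parse the CSV text into one dict per audit entry."""
    return list(csv.DictReader(io.StringIO(text)))

def failed_sessions(rows):
    """Map each Session ID that contains an error to all of its rows, in log order."""
    by_session = defaultdict(list)
    for row in rows:
        by_session[row["Session ID"]].append(row)
    return {sid: evts for sid, evts in by_session.items()
            if any(e["State"] == "error" for e in evts)}

def unanswered_commands(rows):
    """Return (Session ID, Command ID) pairs logged as pending with no later
    success or error. Rows without a Command ID (ZAPI, HTTP, SNMP) are skipped."""
    open_cmds = {}
    for row in rows:
        if not row["Command ID"]:
            continue
        key = (row["Session ID"], row["Command ID"])  # Command IDs are per session
        if row["State"] == "pending":
            open_cmds[key] = row
        elif row["State"] in ("success", "error"):
            open_cmds.pop(key, None)
    return sorted(open_cmds)

if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for sid, events in failed_sessions(rows).items():
        print("session", sid)
        for e in events:
            print("  ", e["Time"], e["User"], e["State"], e["Input"], e["Message"])
    print("no response logged:", unanswered_commands(rows))
```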