Skip to main content
SnapCenter Software 5.0

Configure audit log settings

Contributors netapp-nsriram netapp-soumikd
PDFs

Audit logs are generated for each and every activity of the SnapCenter Server. By default, audit logs are secured in the default installed location C:\Program Files\NetApp\SnapCenter WebApp\audit\.

Audit logs are secured by means of generating digitally signed digest for each and every audit events to protect it from the unauthorized modification. The generated digest's are maintained in the separate audit checksum file and it under goes periodic integrity checks to ensure the integrity of the content.

You should have logged in as the "SnapCenterAdmin" role.

About this task

  • Alerts are sent in the following scenarios:

    • Audit log integrity check schedule or Syslog server is enabled or disabled

    • Audit log integrity check, audit log, or Syslog server log failure

    • Low disk space

  • Email is sent only when integrity check fails.

  • You should modify both audit log directory and audit checksum log directory paths together. You cannot modify only one of them.

  • When audit log directory and audit checksum log directory paths are modified, the integrity check cannot be performed on audit logs present in the earlier location.

  • Audit log directory and Audit checksum log directory paths should be on the local drive of SnapCenter Server.

    Shared or network mounted drives are not supported.

  • If UDP protocol is used in the Syslog server settings, errors due to port is down or unavailable cannot be captured as either an error or an alert in SnapCenter.

  • You can use Set-SmAuditSettings and Get-SmAuditSettings commands to configure the audit logs.

    The information regarding the parameters that can be used with the cmdlet and their descriptions can be obtained by running Get-Help command_name. Alternatively, you can also refer the SnapCenter Software Cmdlet Reference Guide.

Steps

  1. In the Settings page, navigate to Settings > Global Settings > Audit log Settings.

  2. In the Audit log section, enter the details.

  3. Enter the Audit log directory and Audit checksum log directory

    1. Enter the Maximum file size

    2. Enter the Maximum log files

    3. Enter the percentage of disk space usage to send an alert

  4. (Optional) Enable Log UTC time.

  5. (Optional) Enable Audit Log Integrity Check Schedule and click Start Integrity Check for on demand integrity check.

    You can also run Start-SmAuditIntegrityCheck command to start on demand integrity check.

  6. (Optional) Enable Forwarded audit logs to remote syslog server and enter the Syslog Server details.

    You should import the certificate from the Syslog server into the 'Trusted Root' for TLS 1.2 protocol.

    1. Enter Syslog Server Host

    2. Enter Syslog Server Port

    3. Enter Syslog Server Protocol

    4. Enter RFC Format

  7. Click Save.

  8. You can see audit integrity checks and disk space checks by clicking Monitor > Jobs.