Skip to main content
A newer release of this product is available.

Copying audit logs

Contributors
PDFs

When you add a new Admin Node through an expansion procedure, its AMS service only logs events and actions that occur after it joins the system. You can copy audit logs from a previously installed Admin Node to the new expansion Admin Node so that it is in sync with the rest of the StorageGRID system.

What you'll need

  • You must have completed the required expansion steps to add an Admin Node.

  • You must have the Passwords.txt file.

About this task

To make the historical audit messages from other Admin Nodes available on the expansion Admin Node, you must copy the audit log files manually from the primary Admin Node, or another existing Admin Node, to the expansion Admin Node.

Steps

  1. Log in to the primary Admin Node:

    1. Enter the following command: ssh admin@_primary_Admin_Node_IP

    2. Enter the password listed in the Passwords.txt file.

    3. Enter the following command to switch to root: su -

    4. Enter the password listed in the Passwords.txt file.

      When you are logged in as root, the prompt changes from $ to #.

  2. Stop the AMS service to prevent it from creating a new file: service ams stop

  3. Rename the audit.log file to ensure that it does not overwrite the file on the expansion Admin Node you are copying it to:

    cd /var/local/audit/export
    ls -l
    mv audit.log new_name.txt

  4. Copy all audit log files to the expansion Admin Node:

    scp -p * IP_address:/var/local/audit/export

  5. If prompted for the passphrase for /root/.ssh/id_rsa, enter the SSH Access Password for the Primary Admin Node listed in the Passwords.txt file.

  6. Restore the original audit.log file:

    mv new_name.txt audit.log

  7. Start the AMS service:

    service ams start

  8. Log out from the server:

    exit

  9. Log in to the expansion Admin Node:

    1. Enter the following command: ssh admin@expansion_Admin_Node_IP

    2. Enter the password listed in the Passwords.txt file.

    3. Enter the following command to switch to root: su -

    4. Enter the password listed in the Passwords.txt file.

      When you are logged in as root, the prompt changes from $ to #.

  10. Update the user and group settings for the audit log files:

    cd /var/local/audit/export
    chown ams-user:bycast *

  11. Log out from the server:

    exit