Get started
Event-specific data
Suggest changes
-
PDF of this doc site
-
Install and maintain appliance hardware
-
Install and upgrade software
-
Perform system administration
-
Monitor and maintain StorageGRID
-
Recover and maintain
-
Grid node recovery procedures
-
-
-
Collection of separate PDF docs
Creating your file...
Each audit message in the audit log records data specific to a system event.
Following the opening [AUDT: container that identifies the message itself, the next set of attributes provide information about the event or action described by the audit message. These attributes are highlighted in the following example:
2018-12-05T08:24:45.921845 [AUDT:*\[RSLT\(FC32\):SUCS\]* \[TIME\(UI64\):11454\]\[SAIP\(IPAD\):"10.224.0.100"\]\[S3AI\(CSTR\):"60025621595611246499"\] \[SACC\(CSTR\):"account"\]\[S3AK\(CSTR\):"SGKH4_Nc8SO1H6w3w0nCOFCGgk__E6dYzKlumRsKJA=="\] \[SUSR\(CSTR\):"urn:sgws:identity::60025621595611246499:root"\] \[SBAI\(CSTR\):"60025621595611246499"\]\[SBAC\(CSTR\):"account"\]\[S3BK\(CSTR\):"bucket"\] \[S3KY\(CSTR\):"object"\]\[CBID\(UI64\):0xCC128B9B9E428347\] \[UUID\(CSTR\):"B975D2CE-E4DA-4D14-8A23-1CB4B83F2CD8"\]\[CSIZ\(UI64\):30720\][AVER(UI32):10] \[ATIM(UI64):1543998285921845]\[ATYP\(FC32\):SHEA\][ANID(UI32):12281045][AMID(FC32):S3RQ] \[ATID(UI64):15552417629170647261]]
The ATYP element (underlined in the example) identifies which event generated the message. This example message includes the SHEA message code ([ATYP(FC32):SHEA]), indicating it was generated by a successful S3 HEAD request.