Copy audit logs

Contributors netapp-madkat

When you add a new Admin Node through an expansion procedure, its AMS service only logs events and actions that occur after it joins the system. As required, you can copy audit logs from a previously installed Admin Node to the new expansion Admin Node so that it is in sync with the rest of the StorageGRID system.

What you’ll need
  • You have completed the required expansion steps to add an Admin Node.

  • You have the Passwords.txt file.

About this task

To make historical audit messages available on a new Admin Node, you must copy the audit log files manually from an existing Admin Node to the expansion Admin Node.

Note

By default, audit information is sent to the audit log on Admin Nodes. You can skip these steps if either of the following applies:

  • You configured an external syslog server and audit logs are now being sent to the syslog server instead of to Admin Nodes.

  • You explicitly specified that audit messages should be saved only on the local nodes that generated them.

Steps
  1. Log in to the primary Admin Node:

    1. Enter the following command: ssh admin@_primary_Admin_Node_IP

    2. Enter the password listed in the Passwords.txt file.

    3. Enter the following command to switch to root: su -

    4. Enter the password listed in the Passwords.txt file.

      When you are logged in as root, the prompt changes from $ to #.

  2. Stop the AMS service to prevent it from creating a new file: service ams stop

  3. Rename the audit.log file to ensure that it does not overwrite the file on the expansion Admin Node you are copying it to:

    cd /var/local/audit/export
    ls -l
    mv audit.log new_name.txt

  4. Copy all audit log files to the expansion Admin Node:

    scp -p * IP_address:/var/local/audit/export

  5. If prompted for the passphrase for /root/.ssh/id_rsa, enter the SSH Access Password for the Primary Admin Node listed in the Passwords.txt file.

  6. Restore the original audit.log file:

    mv new_name.txt audit.log

  7. Start the AMS service:

    service ams start

  8. Log out from the server:

    exit

  9. Log in to the expansion Admin Node:

    1. Enter the following command: ssh admin@expansion_Admin_Node_IP

    2. Enter the password listed in the Passwords.txt file.

    3. Enter the following command to switch to root: su -

    4. Enter the password listed in the Passwords.txt file.

      When you are logged in as root, the prompt changes from $ to #.

  10. Update the user and group settings for the audit log files:

    cd /var/local/audit/export
    chown ams-user:bycast *

  11. Log out from the server:

    exit