Copy audit logs
When you add a new Admin Node through an expansion procedure, its AMS service only logs events and actions that occur after it joins the system. As required, you can copy audit logs from a previously installed Admin Node to the new expansion Admin Node so that it is in sync with the rest of the StorageGRID system.
-
You have completed the required expansion steps to add an Admin Node.
-
You have the
Passwords.txt
file.
To make historical audit messages available on a new Admin Node, you must copy the audit log files manually from an existing Admin Node to the expansion Admin Node.
By default, audit information is sent to the audit log on Admin Nodes. You can skip these steps if either of the following applies:
See Configure audit messages and log destinations for details. |
-
Log in to the primary Admin Node:
-
Enter the following command:
ssh admin@_primary_Admin_Node_IP
-
Enter the password listed in the
Passwords.txt
file. -
Enter the following command to switch to root:
su -
-
Enter the password listed in the
Passwords.txt
file.When you are logged in as root, the prompt changes from
$
to#
.
-
-
Stop the AMS service to prevent it from creating a new file:
service ams stop
-
Rename the
audit.log
file to ensure that it does not overwrite the file on the expansion Admin Node you are copying it to:cd /var/local/audit/export
ls -l
mv audit.log new_name.txt
-
Copy all audit log files to the expansion Admin Node:
scp -p * IP_address:/var/local/audit/export
-
If prompted for the passphrase for
/root/.ssh/id_rsa
, enter the SSH Access Password for the Primary Admin Node listed in thePasswords.txt
file. -
Restore the original
audit.log
file:mv new_name.txt audit.log
-
Start the AMS service:
service ams start
-
Log out from the server:
exit
-
Log in to the expansion Admin Node:
-
Enter the following command:
ssh admin@expansion_Admin_Node_IP
-
Enter the password listed in the
Passwords.txt
file. -
Enter the following command to switch to root:
su -
-
Enter the password listed in the
Passwords.txt
file.When you are logged in as root, the prompt changes from
$
to#
.
-
-
Update the user and group settings for the audit log files:
cd /var/local/audit/export
chown ams-user:bycast *
-
Log out from the server:
exit