Access and review audit logs
Audit messages are generated by StorageGRID services and stored in text log files. API-specific audit messages in the audit logs provide critical security, operation, and performance monitoring data that can help you evaluate the health of your system.
-
You have specific access permissions.
-
You have the
Passwords.txt
file. -
You know the IP address of an Admin Node.
The active audit log file is named audit.log
, and it is stored on Admin Nodes.
Once a day, the active audit.log file is saved, and a new audit.log
file is started. The name of the saved file indicates when it was saved, in the format yyyy-mm-dd.txt
.
After a day, the saved file is compressed and renamed, in the format yyyy-mm-dd.txt.gz
, which preserves the original date.
This example shows the active audit.log
file, the previous day's file (2018-04-15.txt
), and the compressed file for the prior day (2018-04-14.txt.gz
).
audit.log 2018-04-15.txt 2018-04-14.txt.gz
-
Log in to an Admin Node:
-
Enter the following command:
ssh admin@primary_Admin_Node_IP
-
Enter the password listed in the
Passwords.txt
file. -
Enter the following command to switch to root:
su -
-
Enter the password listed in the
Passwords.txt
file.When you are logged in as root, the prompt changes from
$
to#
.
-
-
Go to the directory containing the audit log files:
cd /var/local/audit/export
-
View the current or a saved audit log file, as required.