Skip to main content

Copy audit logs

Contributors netapp-pcarriga netapp-lhalbert
PDFs

When you add a new Admin Node through an expansion procedure, its AMS service only logs events and actions that occur after it joins the system. As required, you can copy audit logs from a previously installed Admin Node to the new expansion Admin Node so that it's in sync with the rest of the StorageGRID system.

Before you begin

  • You have completed the required expansion steps to add an Admin Node.

  • You have the Passwords.txt file.

About this task

To make historical audit messages available on a new Admin Node, you must copy the audit log files manually from an existing Admin Node to the expansion Admin Node.

Note

By default, audit information is sent to the localaudit log on each node. To use this procedure, you must have configured the Admin Nodes as the audit destination as follows:

  • You configured Admin Nodes/local nodes as the log destination.

  • You configured Admin Nodes and external syslog server as the log destination.

Refer to Configure audit messages and external syslog server for details.
Steps

  1. Log in to the primary Admin Node:

    1. Enter the following command: ssh admin@_primary_Admin_Node_IP

    2. Enter the password listed in the Passwords.txt file.

    3. Enter the following command to switch to root: su -

    4. Enter the password listed in the Passwords.txt file.

      When you are logged in as root, the prompt changes from $ to #.

  2. Stop the AMS service to prevent it from creating a new file: service ams stop

  3. Navigate to the audit export directory:

    cd /var/local/audit/export/

  4. Rename the source audit.log file to ensure that it doesn't overwrite the file on the expansion Admin Node you are copying it to:

    ls -l
mv audit.log _new_name_.txt

  5. Copy all audit log files to the destination location on the expansion Admin Node:

    scp -p * IP_address:/var/local/audit/export/

  6. If prompted for the passphrase for /root/.ssh/id_rsa, enter the SSH Access Password for the Primary Admin Node listed in the Passwords.txt file.

  7. Restore the original audit.log file:

    mv new_name.txt audit.log

  8. Start the AMS service:

    service ams start

  9. Log out from the server:

    exit

  10. Log in to the expansion Admin Node:

    1. Enter the following command: ssh admin@expansion_Admin_Node_IP

    2. Enter the password listed in the Passwords.txt file.

    3. Enter the following command to switch to root: su -

    4. Enter the password listed in the Passwords.txt file.

      When you are logged in as root, the prompt changes from $ to #.

  11. Update the user and group settings for the audit log files:

    cd /var/local/audit/export/

    chown ams-user:bycast *

  12. Log out from the server:

    exit