Copy audit logs from failed non-primary Admin Node

If you are able to copy audit logs from the failed Admin Node, you should preserve them to maintain the grid's record of system activity and usage. You can restore the preserved audit logs to the recovered non-primary Admin Node after it is up and running.

This procedure copies the audit log files from the failed Admin Node to a temporary location on a separate grid node. These preserved audit logs can then be copied to the replacement Admin Node. Audit logs aren't automatically copied to the new Admin Node.

Depending on the type of failure, you might not be able to copy audit logs from a failed Admin Node. If the deployment has only one Admin Node, the recovered Admin Node starts recording events to the audit log in a new empty file and previously recorded data is lost. If the deployment includes more than one Admin Node, you can recover the audit logs from another Admin Node.

Note: If the audit logs aren't accessible on the failed Admin Node now, you might be able to access them later, for example, after host recovery.

  1. Log in to the failed Admin Node if possible. Otherwise, log in to the primary Admin Node or another Admin Node, if available.

    1. Enter the following command: ssh admin@grid_node_IP

    2. Enter the password listed in the Passwords.txt file.

    3. Enter the following command to switch to root: su -

    4. Enter the password listed in the Passwords.txt file.

    When you are logged in as root, the prompt changes from $ to #.

  2. Stop the AMS service to prevent it from creating a new log file: service ams stop

  3. Navigate to the audit export directory:

    cd /var/local/log

  4. Rename the source audit.log file to a unique numbered file name. For example, rename the audit.log file to 2023-10-25.txt.1.

    ls -l
    mv audit.log 2023-10-25.txt.1
  5. Restart the AMS service: service ams start

  6. Create the directory to copy all audit log files to a temporary location on a separate grid node: ssh admin@grid_node_IP mkdir -p /var/local/tmp/saved-audit-logs

    When prompted, enter the password for admin.

  7. Copy all audit log files to the temporary location: scp -p * admin@grid_node_IP:/var/local/tmp/saved-audit-logs

    When prompted, enter the password for admin.

  8. Log out as root: exit
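
The procedure copies the files but does not confirm that the copies match the originals. The following script is an added example, not part of the original procedure: it records SHA-256 hashes of the audit log files after the rename in step 4 and checks the copies in `saved-audit-logs` after step 7. It assumes `sha256sum` is installed on both nodes; the script name `audit-manifest.sh` and the manifest path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original procedure.
# Assumes sha256sum is installed on both nodes; manifest paths are hypothetical.

# write_manifest DIR MANIFEST
# Hash every regular file directly inside DIR and write the list to MANIFEST.
# Keep MANIFEST outside DIR so it is not hashed itself.
write_manifest() {
    src=$1; out=$2
    ( cd "$src" || exit 1
      for f in *; do
          [ -f "$f" ] || continue      # skip subdirectories and an unmatched glob
          sha256sum -- "$f"
      done ) > "$out"
}

# verify_manifest DIR MANIFEST
# Return 0 only if every file listed in MANIFEST is present in DIR with the same hash.
verify_manifest() {
    dir=$1; manifest=$2
    [ -s "$manifest" ] || return 1     # an empty or missing manifest proves nothing
    ( cd "$dir" && sha256sum -c ) < "$manifest" >/dev/null 2>&1
}

# On the failed Admin Node, after step 4:
#   sh audit-manifest.sh write /var/local/log /var/local/tmp/audit-logs.sha256
# On the node holding the copies, after step 7 (manifest copied separately):
#   sh audit-manifest.sh verify /var/local/tmp/saved-audit-logs /var/local/tmp/audit-logs.sha256
case "${1:-}" in
    write)  write_manifest "$2" "$3" ;;
    verify) verify_manifest "$2" "$3" && echo "preserved audit logs match the manifest" ;;
esac
```

The new `audit.log` that appears after the AMS service restarts is not listed in a manifest written at step 4, so it does not affect the check.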