Review audit messages
Audit messages can help you get a better understanding of the detailed operations of your StorageGRID system. You can use audit logs to troubleshoot issues and to evaluate performance.
During normal system operation, all StorageGRID services generate audit messages, as follows:
-
System audit messages are related to the auditing system itself, grid node states, system-wide task activity, and service backup operations.
-
Object storage audit messages are related to the storage and management of objects within StorageGRID, including object storage and retrievals, grid-node to grid-node transfers, and verifications.
-
Client read and write audit messages are logged when an S3 client application makes a request to create, modify, or retrieve an object.
-
Management audit messages log user requests to the Management API.
Each Admin Node stores audit messages in text files. The audit share contains the active file (audit.log) as well as compressed audit logs from previous days. Each node in the grid also stores a copy of the audit information generated on the node.
You can access audit log files directly from the command line of the Admin Node.
StorageGRID can send audit information by default, or you can change the destination:
-
StorageGRID defaults to local node audit destinations.
-
Grid Manager and Tenant Manager audit log entries might be sent to a Storage Node.
-
Optionally, you can change the destination of audit logs and send audit information to an external syslog server. Local logs of audit records continue to be generated and stored when an external syslog server is configured.
-
Learn about configuring audit messages and log destinations.
For details on the audit log file, the format of audit messages, the types of audit messages, and the tools available to analyze audit messages, see Review audit logs.