Help Center > > User Guide> Managing Active Clusters> Log Management> Viewing and Exporting Audit Logs

Viewing and Exporting Audit Logs

Updated at:Nov 06, 2019 GMT+08:00

Scenario

On MRS Manager, view and export audit logs for post-event tracing, fault cause locating, and responsibility classification of security events.

The system records the following log information:

  • User activity information, such as user login and logout, and modifications to system user and system user group information
  • Information about user operation instructions, such as cluster startup and shutdown, and software upgrades.

Procedure

  • View the audit logs.
    1. On MRS Manager, click Audit to view the default audit logs.

      If the content of the audit log contains more than 256 characters, click the unfold button to unfold audit details and then click log file to download the complete log file.

      • By default, audit logs are displayed in descending order by Occurred On. You can click Operation Type, Severity, Occurred On, User, Host, Service, Instance, or Operation Result to change the display mode.
      • You can filter out all audit logs of the same severity in Severity, including both cleared and uncleared alarms.

      Export the audit logs, which contain the following information:

      • Sno: indicates the number of audit logs generated by MRS Manager. The number is incremented by 1 when a new audit log is generated.
      • Operation Type: indicates the type of user operations. User operations are classified into the following scenarios: User_Manager, Cluster, Service, Host, Alarm, Collect Log, Auditlog, Backup And Restoration, Tenant. User_Manager is supported only by clusters with Kerberos authentication enabled. Each scenario contains different operation types. For example, Alarm contains Export alarms, Cluster contains Start Cluster, and Tenant contains Add Tenant.
      • Severity: indicates the security level of each audit log, including Critical, Major, Minor, and Information.
      • Start Time: indicates the CET or CEST time when a user operation starts.
      • End Time: indicates the CET or CEST time when a user operation ends.
      • User IP Address: indicates the IP address used by a user.
      • User: indicates the name of a user who performs the operations.
      • Host: indicates the node where a user operation is performed. The information is not saved if the operation does not involve a node.
      • Service: indicates the service on which a user operation is performed. The information is not saved if the operation does not involve a service.
      • Instance: indicates the role instance on which a user operation is performed. The information is not saved if the operation does not involve a role instance.
      • Operation Result: indicates the user operation result, including Successful, Failed, and Unknown.
      • Content: indicates execution information of the user operation.
    2. Click Advanced Search. In the audit log search area, set search criteria and click Search to view the desired audit logs. Click Reset to reset search criteria.

      You can set Start Time and End Time to specify the time range when logs are generated.

  • Export the audit logs.

    In the audit log list, select the checkbox of a log and click Export, or click Export All.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel