Configuring Audit Log Dumping
Scenarios
The audit logs of FusionInsight Manager are stored in the database by default. If the audit logs are retained for a long time, the disk space of the data directory may be insufficient. To store audit logs to another archive server, you can set the required dump parameters to automatically dump these logs. This facilitates the management of audit logs.
If you do not configure the audit log dumping, the system automatically saves the audit logs to a file when the number of audit logs reaches 100,000 pieces. The save path is ${BIGDATA_DATA_HOME} /dbdata_om/dumpData/iam/operatelog on the active management node. The file name format is OperateLog_store_YY_MM_DD_HH_MM_SS.csv. The maximum number of historical audit log files is 50.
Procedure
- Log in to FusionInsight Manager.
- Choose Audit > Configurations.
- Click the switch on the right of Dump Audit Log.
By default, Dump Audit Log is disabled. If this parameter is set to , the function is enabled.
- Set the dump parameters based on information provided in Table 1
Table 1 Audit log dump parameters Parameter
Description
Value
SFTP IP Mode
IP address mode. The value can be IPv4 or IPv6.
IPv4
SFTP IP
Specifies the SFTP server for storing dumped audit logs. This parameter is mandatory. You are advised to use the SFTP service based on SSH v2. Otherwise, security risks exist.
192.168.10.51 (example value)
SFTP Port
Specifies the port of the SFTP server for storing dumped audit logs. This parameter is mandatory.
22 (example value)
Save Path
Specifies the path for storing audit logs on the SFTP server. This parameter is mandatory.
/opt/omm/oms/auditLog (example value)
SFTP Username
Specifies the username for logging in to the SFTP server. This parameter is mandatory.
root (example value)
SFTP Password
Specifies the password for logging in to the SFTP server. This parameter is mandatory.
Root_123 (example value)
SFTP Public key
Specifies the public key of the SFTP server. This parameter is optional. You are advised to set the public key of the SFTP server. Otherwise, security risks may exist.
-
Dumping Mode
Specifies the dump mode. This parameter is mandatory.
- By Quantity: If the number of pieces of logs reaches the value of this parameter (100000 by default), the logs are dumped.
- By Time: specifies the date when logs are dumped. The dumping frequency is once a year.
- By Quantity
- By Time
Dumping Date
This parameter is mandatory. It is available when the dump mode is set to By Time. After you select a dump date, the system starts dumping on this date. The logs to be dumped include all the audit logs generated before January 1 00:00 of the current year.
November 06 (example)
If the SFTP public key is empty, the system prompts a security risk message. Determine the security risk, then save the configuration.
- Click OK to complete the settings.
Key fields in the audit log dump file are as follows:
- USERTYPE indicates the user type. Value 0 indicates the Human-machine user, and value 1 indicates the Machine-machine user.
- LOGLEVEL indicates the security level. Value 0 indicates Critical, value 1 indicates Major, value 2 indicates Minor, and value 3 indicates Warning.
- OPERATERESULT indicates the operation result. Value 0 indicates that the operation is successful, and value 1 indicates that the operation is failed.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot