Updated on 2022-02-22 GMT+08:00

Configuring Audit Log Dumping Parameters

Scenario

If audit logs are stored in the database for a long time, the disk space for the data directory may be insufficient. Therefore, you can set dump parameters to automatically dump audit logs to a specified directory on a server.

If you do not configure the audit log dumping, the system automatically saves the audit logs to a file when the number of audit logs reaches 100,000 pieces. The save path is ${BIGDATA_HOME}/OMSV100R001C00x8664/workspace/conf/data/operatelog on the active management node. The file name format is OperateLog_store_YY_MM_DD_HH_MM_SS.csv. A maximum of 50 historical audit log files can be saved. The directory is automatically generated when audit logs are dumped for the first time.

Prerequisites

The ECS corresponding to the dump server must be in the same VPC as the master node of the MRS cluster, and the master node can access the IP address and specified port of the dump server. The SFTP service on the dump server is running properly.

Procedure

  1. On MRS Manager, click System.
  2. Choose Dump Audit Log under Maintenance.

    Table 1 Audit log dump parameters

    Parameter

    Value

    Description

    Dump Audit Log

    • On
    • Off

    (Mandatory) Specifies whether to enable audit log dumping.

    • On: enables audit log dumping.
    • Off: disables audit log dumping.

    Dumping Mode

    • By quantity
    • By time

    (Mandatory) Specifies the dump mode.

    • By quantity: If the number of logs reaches the value of this parameter (100,000 by default), the logs are dumped.
    • By time: Logs are dumped at a specified date.

    SFTP IP

    192.168.10.51 (example value)

    (Mandatory) Specifies the SFTP server for storing dumped audit logs.

    SFTP Port

    22 (example value)

    (Mandatory) Specifies the port of the SFTP server for storing dumped audit logs.

    Save Path

    /opt/omm/oms/auditLog (example value)

    (Mandatory) Specifies the path for storing audit logs on the SFTP server.

    SFTP Username

    root (example value)

    (Mandatory) Specifies the username for logging in to the SFTP server.

    SFTP Password

    Root_123 (example value)

    (Mandatory) Specifies the password for logging in to the SFTP server.

    SFTP Public Key

    -

    (Optional) Specifies the public key of the SFTP server. You are advised to set the public key of the SFTP server. Otherwise, security risks may exist.

    Dumping Date

    November 06 (example value)

    (Mandatory) Specifies the data when the system starts dumping audit logs. This parameter is valid when Dump Mode is set to By time. The logs to be dumped include all the audit logs generated before 00:00 on January 1 of the current year.

    Key fields in the audit log dump file are as follows:

    • USERTYPE indicates the user type. Value 0 indicates the Human-machine user, and value 1 indicates the Machine-machine user.
    • LOGLEVEL indicates the security level. Value 0 indicates critical, value 1 indicates major, value 2 indicates minor, and value 3 indicates informational.
    • OPERATERESULT indicates the operation result. Value 0 indicates that the operation is successful, and value 1 indicates that the operation is failed.