Updated on 2023-06-02 GMT+08:00

Viewing and Exporting Audit Logs

Scenario

This section describes how to view and export audit logs on MRS Manager. The audit logs can be used to trace security events, locate fault causes, and determine responsibilities.

The system record the following log information:

  • User activity information, such as user login and logout, system user information modification, and system user group information modification
  • User operation instruction information, such as cluster startup, stop, and software upgrade.

Procedure

  • Viewing audit logs
    1. On MRS Manager, click Audit to view the default audit logs.

      If an audit log contains more than 256 characters, click the expand button to view audit log details.

      • By default, records are sorted in descending order by the Occurred column. You can click Operation Type, Severity, Occurred, User, Host, Service, Instance, or Operation Result to change the sorting mode.
      • All alarms of the same severity can be filtered by Severity. The results include cleared and uncleared alarms.

      Exported audit logs contain the following information:

      • Sno: indicates the number of audit logs generated by MRS Manager. The number is incremented by 1 when a new audit log is generated.
      • Operation Type: indicates the operation type of a user operation. There are nine scenarios: Alarm, Auditlog, Backup And Restoration, Cluster, Collect Log, Host, Service, Tenant and User_Manager. User_Manager is supported only in clusters with Kerberos authentication enabled. Each scenario contains different operation types. For example, Alarm includes Export alarms; Cluster includes Start cluster, and Tenant include Add tenant.
      • Severity: indicates the security level of each audit log, including Critical, Major, Minor and Informational.
      • Start Time: indicates the time when the operation starts. The time is CET or CEST.
      • End Time: indicates the time when the operation ends. The time is CET or CEST.
      • User IP Address: indicates the IP address used by a user to perform operations.
      • User: indicates the name of the user who performs the operation.
      • Host: indicates the node where the user operation is performed. The information is not saved if the operation does not involve a node.
      • Service: indicates the service in the cluster where the user operation is performed. The information is not saved if the operation does not involve a service.
      • Instance: indicates the role instance in the cluster where the user operation is performed. The information is not saved if the operation does not involve a role instance.
      • Operation Result: indicates the operation result, including Successful, Failed and Unknown.
      • Content: indicates execution information of the user operation.
    2. Click Advanced Search. In the search area, set search criteria and click Search to view audit logs of the specified type. Click Reset to clear the search criteria.

      Start Time and End Time specify the start time and end time of the time range. You can search for alarms generated within the time range.

  • Exporting audit logs
    1. In the audit log list, click Export All to export all logs.
    2. In the audit log list, select the check box of a log and click Export to export the log.