Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

Transferring and downloading audit logs

Audit log provides information about the use of the storage system, which can help in identifying and diagnosing potential problems.

An audit log file contains information such as a user who performed an operation in the storage system and the operation result. To obtain or view the log stored in a storage system, transfer the log to a syslog server or download the log to your PC. You can transfer the log automatically to the syslog server when information is logged. If you want to download the log manually, use the Export Audit Log in the maintenance utility.

The capacity for audit logs that can be stored in the storage system is limited. When the stored audit logs reaches the maximum capacity, the oldest data is lost as it is overwritten by the newest data. This can be avoided by transferring audit logs to syslog servers.

Transferring audit logs to syslog servers

Using maintenance utility, configure the necessary settings, such as the syslog server's address and location identifier. After you configure these settings, send a test message to confirm your settings.

Before you begin

A Syslog server must be installed in the management LAN.

Procedure

  1. Log in to the maintenance utility.

  2. Click Administration > Audit Log Settings.

  3. Click Set up Syslog Server in the Audit Log Settings window.

    Specify the Transfer Protocol, Primary Server, Secondary Server, Location Identification Name, Retry, Retry Interval, and Output Detailed Information, then click Apply.

  4. A completion message appears. Click OK.

  5. To confirm the settings, send a test message.

    1. Click Send Test Message to Syslog Server in the Audit Log Settings window.

    2. The message window opens. Click OK to close the window.

    3. Log in to the syslog server.

    4. Make sure that the syslog server receives the test message shown below.

      The following values will be set for function name and operation name:
      • Function name : AuditLog
      • Operation name : Send Test Message

      If the syslog server does not receive the test message, check the following items.

      • Syslog settings
      • Operating status and configuration of the syslog server
      • Operating status of the management LAN

Exporting audit log files stored in the storage system

You can export audit logs from either the controller or the GUM located on the controller.

The storage system has two controllers, so to get audit logs for the complete system, you must log-in to the maintenance utility on each controller to export the audit log individually.

Before you begin

You must have the Audit Log Administrator (View Only) role to perform this task.

Procedure

  1. In the maintenance utility under Administration menu, select Audit Log Settings.

  2. Click Export Audit Log in the Audit Log Settings window to select GUM or DKC.

  3. Click OK.

    NoteThe security confirmation window is displayed. If the certificate is invalid at the time of the connection, the security confirmation window is displayed. If the security confirmation window is displayed, select Continue to this website (not recommended).
  4. Save the file to the folder containing audit logs.

    NoteIf you change the location identification name of a syslog server, the location identification name on new audit logs could be changed retroactively.
    NoteIf you change the UTC time zone setting of the storage system, the times recorded on new audit logs could be changed retroactively.

 

  • Was this article helpful?