Overview

Audit logs are records of the operations performed on the storage cluster. Audit logs allow you to verify "when" "who" did what" to see if each operation complies with audit standards such as laws, regulations, industrial standards, and in-house stipulations.

Audit logs are subject to the following capacity limits:

• Maximum number of characters per line (event): 8,192 bytes (including line feed code). If the maximum number of characters is exceeded, the excess characters are truncated.

• Maximum number of events: 750,000

• Maximum capacity: 5,859 MiB

If the maximum capacity or the maximum number of events for an audit log has been reached, old information will be overwritten with new information. To prevent old information from being lost, you can configure the system to transfer audit logs to the syslog server.

(Virtual machine) Hitachi Virtual Storage Software block (VSSB) provides an audit log of events that occur in the VMs of storage nodes. For events that occur in non-VM hardware or software (for example, VMware ESXi on which VMs run, physical servers, and switches), verify the audit log for the hardware or software.

(Bare metal) Virtual Storage Software block creates audit log data for only the events that occurred on storage nodes. For the audit log data for other events that occurred in software or hardware other than storage nodes (such as a physical server or switch), see the audit log for the relevant software or hardware.

Parent Topic

• Overview

Audit logs are stored in the cluster primary node (primary). As illustrated in the following figure, you can obtain the logs by either of the following means:

• Configure transfer of audit logs to the syslog server and obtain the logs from the transfer destination syslog server.

  • Audit logs are transferred to the syslog server as text data.

  • Rsyslog 8 is supported as a syslog server.

  • Audit logs created after syslog transfer settings were made are transferred to the syslog server. Audit logs created before syslog transfer settings were made are not transferred to the syslog server.

  • For details about syslog transfer settings, see Editing Syslog transfer settings of audit logs (CLI or REST API).

• Download audit log files compiled by using the REST API or CLI.

  • Audit log files are in the csv format.

  • For the method to compile an audit log into a file by using the API or CLI and then download it, see Downloading an audit log to the controller node (CLI or REST API).

Parent Topic

• Overview