Syslog audit log details
The audit logs provide a record for auditing purposes to determine when changes were made to a storage system and by which user.
Audit Log file definitions
Fields are output in comma-separated (CSV) format. This format makes it easy to import the file into a spreadsheet.
Field | Format | Description |
---|---|---|
Source | 1 char | Specifies the source of the log entry: |
Timestamp | YYYY/MM/DD HH:MM:SS:MMM TMZ | Represents the date, time, and time zone of the log entry. |
User | 1 - 16 char | Represents the user account that is making the request. |
MC | 1 char, a "1" or "2" | Represents the management console that processed the user request. |
Device | 16 char | Represents the storage image ID that consists of the following values: manufacture, type, and serial number. |
NWC | 1 char | Represents the following message types: N = notification, W = warning, and C = critical. |
Entry ID | 4 char | Represents the unique identifier that is associated with the activity that is represented by the log entry. |
Entry name | 20 char max | A text description that corresponds to the Entry ID. |
Object ID | 5 char max | Represents a unique identifier that identifies the object. |
Exit code | 8 char | Represents the final result code. |
Input Parameters | 160 char max | Represents unformatted text that includes input parameters in the format: “attr1 = value1, attr2 = value2” with a comma (,) separator between parameters and double quotation marks around the entire field. |
Client type | 1-16 char | Represents the user application that is making the request. |
Example
The following lines are an example of the report information that is extracted when you download
the .zip file (the wrapping is done for clarity and is not representative of your actual
report):
Note: The following example displays only a portion of an actual syslog server audit log
report.
U,2015/11/16 19:42:02:173 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2090,Volume_Create,0240,be534459,"NIVolume: [id = IBM.2107-75DMC41/0240, userName = myckd_volume, originalBaseVolumeID = null,volumeSerialNumber = IBM.2107-75DMC41/0240, addressGroup = null,"
C,2015/11/16 9:42:02:173 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2090,Volume_Create,0240,be534459,"aliasMapVolumeGroup = null, extentPool = IBM.2107-75DMC41/P0, alias = false, volumeType = NIVolumeTypeCKDBase, dataType = NIDataType3390, capacity = 50000, mtm"
C,2015/11/16 19:42:02:173 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2090,Volume_Create,0240,be534459,"= 0, accessState = 0, dataState = 0, configState = 0, writeCacheMode = 0, storageAllocMethod: 0, errorCode = 0, extentAllocationMethod = 0, requestedCapacity ="
C,2015/11/16 19:42:02:173 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2090,Volume_Create,0240,be534459,"50000, perfGrp = null, resourceGroup = null ]"
U,2015/11/16 19:54:16:88 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2610,PPRC_Pair_Create,0237,0,"source = IBM.2107-75DMC41/0237, target = IBM.2107-75DMC41/0437, source = IBM.2107-75DMC41/0238, target = IBM.2107-75DMC41/0438, source = IBM.2107-75DMC41/0239,"
C,2015/11/16 19:54:16:88 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2610,PPRC_Pair_Create,0237,0,"target = IBM.2107-75DMC41/0439, source = IBM.2107-75DMC41/023a, target = IBM.2107-75DMC41/043a, source = IBM.2107-75DMC41/023b, target = IBM.2107-75DMC41/043b,"
C,2015/11/16 19:54:16:88 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2610,PPRC_Pair_Create,0237,0,"NIPPRCEstablishSynchronous, NIPPRCEstablishInitialCopyFull"
U,2015/11/16 20:02:29:420 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2092,Volume_Delete,043e,0,"043e"
U,2015/11/1620:02:29:420 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2092,Volume_Delete,043f,0,"043f"
U,2015/11/16 20:02:29:420 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2092,Volume_Delete,0440,0,"0440"
U,2016/04/06 15:27:23:748 PDT,admin,DSCLI,1,,N,1010,User_Logout,,0,""
U,2016/04/07 01:56:37:598 PDT,admin,DSCLI,1,,N,1000,User_Login,,0,"IP = /9.11.210.106"
-----BEGIN SERVICE AUDIT LOG-----
U,2016/03/18 11:50:14:000 PDT,customer,2,IBM.2107-75DMC40,N,8026,WUI_session_reconn,WUI_session_started_reconnected,,,
U,2016/03/18 12:50:14:000 PDT,developer,2,IBM.2107-75DMC40,N,8036,Authority_to_root,Challenge Key ='Z5T9@uH7'; Authority_upgrade_to_root,,,
U,2016/03/18 12:50:14:000 PDT,developer,2,IBM.2107-75DMC40,N,8036,Authority_to_root,Challenge Key ='Z5T9@uH7'; Authority_upgrade_to_root,,,
U,2016/03/18 13:17:00:000 PDT,developer,2,IBM.2107-75DMC40,N,8036,Authority_to_root,Challenge Key ='Z4T6@uH8'; Authority_upgrade_to_root,,,
U,2016/04/07 20:19:14:000 MST,hscroot,1,IBM.2107-75DMC80,N,8020,WUI_session_started,,,,
U,2016/04/07 20:52:27:000 MST,hscroot,1,IBM.2107-75DMC80,N,8024,WUI_session_disconn,WUI_session_ended_disconnected,,,
U,2016/04/07 21:47:41:000 MST,hscroot,1,IBM.2107-75DMC80,N,8026,WUI_session_reconn,WUI_session_started_reconnected,,,
U,2016/04/07 21:55:34:000 MST,hscroot,1,IBM.2107-75DMC80,N,8022,WUI_session_logoff,WUI_session_ended_loggedoff,,,
U,2016/04/08 01:33:58:000 MST,hscroot,1,IBM.2107-75DMC80,N,8020,WUI_session_started,,,,
U,2016/04/08 03:21:25:000 MST,hscroot,1,IBM.2107-75DMC80,N,8024,WUI_session_disconn,WUI_session_ended_disconnected,,,
U,2016/04/08 04:24:33:000 MST,hscroot,1,IBM.2107-75DMC80,N,8026,WUI_session_reconn,WUI_session_started_reconnected,,,
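An added example (not part of the original page and not IBM code): a Python parser for the DSCLI-style records shown above that merges continuation records into their parent entry, sets malformed lines aside, and lists entries on a watch list. It assumes, from the example lines only, that a C record continues the Input Parameters of the preceding U record and that Client type follows User in each line; parse_audit_log, watch, the device ID and the IP address in the sample are constructed for illustration.

```python
import csv

# Column order as seen in the page's DSCLI example lines (assumption: the
# field table lists Client type last, but the sample records carry it after User).
FIELDS = ["source", "timestamp", "user", "client", "mc", "device", "nwc",
          "entry_id", "entry_name", "object_id", "exit_code", "params"]

# Constructed sample modelled on the page's example; device ID and IP are placeholders.
SAMPLE = '''\
U,2015/11/16 19:54:16:88 EST,admin,DSCLI,1,IBM.2107-75XXXX1,N,2610,PPRC_Pair_Create,0237,0,"source = IBM.2107-75XXXX1/0237, target = IBM.2107-75XXXX1/0437,"
C,2015/11/16 19:54:16:88 EST,admin,DSCLI,1,IBM.2107-75XXXX1,N,2610,PPRC_Pair_Create,0237,0,"NIPPRCEstablishSynchronous, NIPPRCEstablishInitialCopyFull"
U,2015/11/16 20:02:29:420 EST,admin,DSCLI,1,IBM.2107-75XXXX1,N,2092,Volume_Delete,043e,0,"043e"
C,2015/11/16 20:05:00:001 EST,admin,DSCLI,1,IBM.2107-75XXXX1,N,2090,Volume_Create,0240,0,"capacity = 50000"
U,2016/04/07 01:56:37:598 PDT,admin,DSCLI,1,,N,1000,User_Login,,0,"IP = /192.0.2.10"
not,an,audit,record
-----BEGIN SERVICE AUDIT LOG-----
U,2016/03/18 11:50:14:000 PDT,customer,2,IBM.2107-75XXXX0,N,8026,WUI_session_reconn,WUI_session_started_reconnected,,,
'''

def parse_audit_log(text):
    """Return (events, rejects), merging C records into the preceding U record."""
    events, rejects = [], []
    for row in csv.reader(text.splitlines()):
        if not row:
            continue
        if row[0].startswith("-----BEGIN SERVICE AUDIT LOG"):
            break  # records after the marker have no Client type column
        if len(row) != len(FIELDS) or row[0] not in ("U", "C"):
            rejects.append(row)  # wrong shape: keep for review, do not drop silently
            continue
        rec = dict(zip(FIELDS, row))
        key = tuple(row[1:11])  # every field between Source and Input Parameters
        if rec["source"] == "C":
            if events and events[-1]["key"] == key:
                events[-1]["params"] += " " + rec["params"]
            else:
                rejects.append(row)  # continuation without a matching U record
            continue
        rec["key"] = key
        events.append(rec)
    return events, rejects

def watch(events, names=frozenset({"Volume_Delete"})):
    """Return (timestamp, user, object ID) for entries whose name is on the watch list."""
    return [(e["timestamp"], e["user"], e["object_id"])
            for e in events if e["entry_name"] in names]
```

The service audit records in the page's example have the same number of comma-separated fields as the DSCLI records but a different column layout, which is why the parser stops at the marker instead of mapping them onto the wrong field names.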