Syslog audit log details

The audit logs provide a record for auditing purposes to determine when changes were made to a storage system and by which user.

Audit Log file definitions

Fields are output in comma-separated (CSV) format. This format makes it easy to import the file into a spreadsheet.

Field Format Description
Source 1 char Specifies the source of the log entry:
  • C - Represents a continuation line for more input attributes. Multiple C entries can exist for a given user-requested (U) log entry.
  • S - Represents a server event that is not associated with a user action.
  • U - Represents a user-requested action.
Timestamp
YYYY/MM/DD
HH:MM:SS:MMM TMZ
Represents the date, time, and time zone of the log entry.
User 1 - 16 char Represents the user account that is making the request.
MC 1 char, a "1" or "2" Represents the management console that processed the user request.
Device 16 char Represents the storage image ID that consists of the following values: manufacture, type, and serial number.
NWC 1 char Represents the following message types: N = notification, W = warning, and C = critical.
Entry ID 4 char Represents the unique identifier that is associated with the activity that is represented by the log entry.
Entry name 20 char max A text description that corresponds to the Entry ID.
Object ID 5 char max Represents a unique identifier that identifies the object.
Exit code 8 char Represents the final result code.
Input
Parameters
160 char max Represents unformatted text that includes input parameters in the format: “attr1 = value1, attr2 = value2” with a comma (,) separator between parameters and double quotation marks around the entire field.
Client type
1-16 char Represents the user application that is making the request.

Example

The following lines are an example of the report information that is extracted when you download the .zip file (the wrapping is done for clarity and is not representative of your actual report):
Note: The following example displays only a portion of an actual syslog server audit log report.
U,2015/11/16 19:42:02:173 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2090,Volume_Create,0240,be534459,"NIVolume: [id = IBM.2107-75DMC41/0240, userName = myckd_volume,
originalBaseVolumeID = null,volumeSerialNumber = IBM.2107-75DMC41/0240, addressGroup = null,"
C,2015/11/16 9:42:02:173 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2090,Volume_Create,0240,be534459,"aliasMapVolumeGroup = null, extentPool = IBM.2107-75DMC41/P0, alias = false, volumeType =
NIVolumeTypeCKDBase, dataType = NIDataType3390, capacity = 50000, mtm"
C,2015/11/16 19:42:02:173  EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2090,Volume_Create,0240,be534459,"= 0, accessState = 0, dataState = 0, configState = 0, writeCacheMode = 0,
storageAllocMethod: 0, errorCode = 0, extentAllocationMethod = 0, requestedCapacity ="
C,2015/11/16 19:42:02:173 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2090,Volume_Create,0240,be534459,"50000, perfGrp = null, resourceGroup = null ]"
U,2015/11/16 19:54:16:88 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2610,PPRC_Pair_Create,0237,0,"source = IBM.2107-75DMC41/0237, target = IBM.2107-75DMC41/0437, source =  IBM.2107-75DMC41/0238,
target = IBM.2107-75DMC41/0438, source =  IBM.2107-75DMC41/0239,"
C,2015/11/16 19:54:16:88  EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2610,PPRC_Pair_Create,0237,0,"target = IBM.2107-75DMC41/0439, source = IBM.2107-75DMC41/023a, target =  IBM.2107-75DMC41/043a,
source = IBM.2107-75DMC41/023b, target =  IBM.2107-75DMC41/043b,"
C,2015/11/16 19:54:16:88 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2610,PPRC_Pair_Create,0237,0,"NIPPRCEstablishSynchronous, NIPPRCEstablishInitialCopyFull"
U,2015/11/16 20:02:29:420 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2092,Volume_Delete,043e,0,"043e"
U,2015/11/1620:02:29:420 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2092,Volume_Delete,043f,0,"043f"
U,2015/11/16 20:02:29:420 EST,admin,DSCLI,1,IBM.2107-75DMC41,N,2092,Volume_Delete,0440,0,"0440"
U,2016/04/06 15:27:23:748 PDT,admin,DSCLI,1,,N,1010,User_Logout,,0,""
U,2016/04/07 01:56:37:598 PDT,admin,DSCLI,1,,N,1000,User_Login,,0,"IP = /9.11.210.106"
-----BEGIN SERVICE AUDIT LOG-----
U,2016/03/18 11:50:14:000 PDT,customer,2,IBM.2107-75DMC40,N,8026,WUI_session_reconn,WUI_session_started_reconnected,,,
U,2016/03/18 12:50:14:000 PDT,developer,2,IBM.2107-75DMC40,N,8036,Authority_to_root,Challenge Key ='Z5T9@uH7'; Authority_upgrade_to_root,,,
U,2016/03/18 12:50:14:000 PDT,developer,2,IBM.2107-75DMC40,N,8036,Authority_to_root,Challenge Key ='Z5T9@uH7'; Authority_upgrade_to_root,,,
U,2016/03/18 13:17:00:000 PDT,developer,2,IBM.2107-75DMC40,N,8036,Authority_to_root,Challenge Key ='Z4T6@uH8'; Authority_upgrade_to_root,,,
U,2016/04/07 20:19:14:000 MST,hscroot,1,IBM.2107-75DMC80,N,8020,WUI_session_started,,,,
U,2016/04/07 20:52:27:000 MST,hscroot,1,IBM.2107-75DMC80,N,8024,WUI_session_disconn,WUI_session_ended_disconnected,,,
U,2016/04/07 21:47:41:000 MST,hscroot,1,IBM.2107-75DMC80,N,8026,WUI_session_reconn,WUI_session_started_reconnected,,,
U,2016/04/07 21:55:34:000 MST,hscroot,1,IBM.2107-75DMC80,N,8022,WUI_session_logoff,WUI_session_ended_loggedoff,,,
U,2016/04/08 01:33:58:000 MST,hscroot,1,IBM.2107-75DMC80,N,8020,WUI_session_started,,,,
U,2016/04/08 03:21:25:000 MST,hscroot,1,IBM.2107-75DMC80,N,8024,WUI_session_disconn,WUI_session_ended_disconnected,,,
U,2016/04/08 04:24:33:000 MST,hscroot,1,IBM.2107-75DMC80,N,8026,WUI_session_reconn,WUI_session_started_reconnected,,,