catauditlog

Use the catauditlog command to display the in-memory contents of the audit log.

Syntax

catauditlog [-nohdr] [-delim delimiter] [-first number_of_entries_to_return]

Parameters

-nohdr
(Optional) By default, headings are displayed for each column of data in a concise style view, and for each item of data in a detailed style view. The -nohdr parameter suppresses the display of these headings.
Note: If there is no data to be displayed, headings are not displayed.
-delim delimiter
(Optional) By default in a concise view, all columns of data are space-separated. The width of each column is set to the maximum width of each item of data. In a detailed view, each item of data has its own row, and if the headers are displayed, the data is separated from the header by a space. The -delim parameter overrides this behavior. Valid input for the -delim parameter is a 1-byte character. If you enter -delim : on the command line, the colon character (:) separates all items of data in a concise view; for example, the spacing of columns does not occur. In a detailed view, the data is separated from its header by the specified delimiter.
-first number_of_entries_to_return
(Optional) Specifies the number of most recent entries to display.

Description

This command lists a specified number of the most recently audited commands.

Use this command to display the in-memory audit log. Use the dumpauditlog command to manually dump the contents of the in-memory audit log to a file on the current configuration node and clear the contents of the in-memory audit log.

The in-memory portion of the audit log is limited to 500 entries.

Once the in-memory audit log reaches maximum capacity, the log is written to a local file on the configuration node in the /dumps/audit directory. The catauditlog command only displays the in-memory part of the audit log; the on-disk part of the audit log is in readable text format and does not require any special command to decode it.

The in-memory log entries are reset and cleared automatically, ready to accumulate new commands. The on-disk portion of the audit log can then be analyzed later.

The lsdumps command with the -prefix parameter set to /dumps/audit can be used to list the files on the disk.

As commands are run, they are recorded in the in-memory audit log. When the in-memory audit log becomes full, it is automatically dumped to an audit log file, and the in-memory audit log is cleared.

The origin field shows where the command originated: GUI, CLI, VASA, or REST. The field is populated only for cluster commands and is blank for all service commands.

An invocation example

catauditlog -delim : | grep 'audit_seq_no\|mkvolumegroup\| mkuser'

The resulting output:


audit_seq_no:timestamp:cluster_user:challenge:source_panel:target_panel:ssh_ip_address:result:res_obj_id:action_cmd:parent_seq_no:origin:
0:220917005819:secAdmin1::::9.65.218.137:0:1:svctask mkuser -name secAdmin13 -password #### -usergrp 0::CLI:
1:220917005825:secAdmin2::::9.65.218.137:0:2:svctask mkuser -name secAdmin12 -password #### -usergrp 0::CLI:
14:220919175105:admin101::::9.160.185.165:0:0:svctask mkvolumegroup::CLI:
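
The following added example (not part of the original documentation) parses the colon-delimited output shown above offline and summarises every mkuser entry for account-creation review. It splits the nine fixed fields from the left and the last two from the right, so a colon inside action_cmd does not shift the columns. Assumptions: ssh_ip_address contains no colon (IPv4, as in the sample), the timestamp is YYMMDDHHMMSS, and the helper names are hypothetical.

```python
from datetime import datetime

FIELDS = ["audit_seq_no", "timestamp", "cluster_user", "challenge",
          "source_panel", "target_panel", "ssh_ip_address", "result",
          "res_obj_id", "action_cmd", "parent_seq_no", "origin"]

# Header and first three rows are the page's sample output; the last row is
# constructed to exercise a ':' inside action_cmd (not claimed to be a valid name).
SAMPLE = """\
audit_seq_no:timestamp:cluster_user:challenge:source_panel:target_panel:ssh_ip_address:result:res_obj_id:action_cmd:parent_seq_no:origin:
0:220917005819:secAdmin1::::9.65.218.137:0:1:svctask mkuser -name secAdmin13 -password #### -usergrp 0::CLI:
1:220917005825:secAdmin2::::9.65.218.137:0:2:svctask mkuser -name secAdmin12 -password #### -usergrp 0::CLI:
14:220919175105:admin101::::9.160.185.165:0:0:svctask mkvolumegroup::CLI:
15:220919180000:admin101::::9.160.185.165:0:3:svctask mkuser -name ops:tmp -password #### -usergrp 1::GUI:
"""

def parse_line(line):
    """Split one `catauditlog -delim :` row into a dict keyed by FIELDS."""
    body = line.strip()
    if body.endswith(":"):
        body = body[:-1]               # each row ends with a trailing delimiter
    head = body.split(":", 9)          # nine fixed fields, then the remainder
    # action_cmd may itself contain ':', so peel the last two fields from the right.
    tail = head[-1].rsplit(":", 2)
    if len(head) != 10 or len(tail) != 3:
        raise ValueError(f"unexpected field count: {line!r}")
    return dict(zip(FIELDS, head[:9] + tail))

def parse_log(text):
    """Parse all data rows, skipping blank lines and the header row."""
    return [parse_line(l) for l in text.splitlines()
            if l.strip() and not l.startswith("audit_seq_no:")]

def user_creations(rows):
    """Summarise every mkuser entry: who created which account, from where."""
    found = []
    for r in rows:
        argv = r["action_cmd"].split()
        if "mkuser" not in argv[:2]:
            continue
        opts = {a: b for a, b in zip(argv, argv[1:]) if a.startswith("-")}
        # Assumption: timestamp is YYMMDDHHMMSS, as the sample values suggest.
        when = datetime.strptime(r["timestamp"], "%y%m%d%H%M%S").isoformat()
        found.append({"seq": int(r["audit_seq_no"]), "when": when,
                      "actor": r["cluster_user"], "source_ip": r["ssh_ip_address"],
                      "new_user": opts.get("-name"), "usergrp": opts.get("-usergrp"),
                      "origin": r["origin"]})
    return found

if __name__ == "__main__":
    for event in user_creations(parse_log(SAMPLE)):
        print(event)
```

Because the in-memory log holds at most 500 entries, the same parser has to be run over the files in /dumps/audit as well to cover older commands.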