dumpauditlog

Use the dumpauditlog command to reset or clear the contents of the in-memory audit log. The contents of the audit log are sent to a file in the /dumps/audit directory on the current configuration node.

Syntax

dumpauditlog

Parameters

There are no parameters.

Description

This command dumps the contents of the audit log to a file on the current configuration node in a system. It also clears the contents of the audit log. This command is logged as the first entry in the new audit log.

Use this command to manually dump the contents of the in-memory audit log to a file on the current configuration node and clear the contents of the in-memory audit log. Use the catauditlog command to display the in-memory audit log. The dumped audit log includes all audit log entries. This includes entries that are hidden by default in the catauditlog view, such as configuration changes performed by the system to configure policy-based replication.

Audit log dumps are automatically maintained in the /dumps/audit directory. The local file system space that audit log dumps use is limited to 200 MB on any node in the system. The space limit is maintained automatically by deleting the minimum number of old audit log dump files so that the /dumps/audit directory space is reduced below 200 MB. This deletion occurs once per day on every node in the system. The oldest audit log dump files are considered to be the ones with the lowest audit log sequence number. Also, audit log dump files with a system ID number that does not match the current one are considered to be older than files that match the system ID, regardless of sequence number.

Other than by running dumps (or copying dump files among nodes), you cannot alter the contents of the audit directory. Each dump file name is generated automatically in the following format:

auditlog_firstseq_lastseq_timestamp_clusterid
where
  • firstseq is the audit log sequence number of the first entry in the log
  • lastseq is the audit log sequence number of the last entry in the log
  • timestamp is the timestamp of the last entry in the audit log that is being dumped
  • clusterid is the clustered system ID at the time that the dump was created
The audit log dump file names cannot be changed.
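
The following Python sketch is an added example, not part of the product or its documentation. Run off-box against a listing of dump file names and sizes, it parses the name format above, predicts which dumps the daily 200 MB cleanup would delete first, and reports sequence ranges that no collected dump covers. It assumes that the timestamp and clusterid fields contain no underscore, that 200 MB means 200 × 1024 × 1024 bytes, and that sequence numbering continues from one dump to the next; the sample names, sizes and IDs are constructed.

```python
from collections import namedtuple

LIMIT_BYTES = 200 * 1024 * 1024  # assumption: "200 MB" read as 200 MiB
Dump = namedtuple("Dump", "name firstseq lastseq timestamp clusterid size")

def parse_dump(name, size):
    """Split auditlog_firstseq_lastseq_timestamp_clusterid into its fields."""
    parts = name.split("_")
    if len(parts) != 5 or parts[0] != "auditlog":
        raise ValueError(f"not an audit log dump name: {name!r}")
    first, last = int(parts[1]), int(parts[2])
    if last < first:
        raise ValueError(f"lastseq is below firstseq in {name!r}")
    return Dump(name, first, last, parts[3], parts[4], size)

def prune_order(dumps, current_id):
    """Oldest first: non-matching system IDs, then lowest sequence number."""
    return sorted(dumps, key=lambda d: (d.clusterid == current_id, d.firstseq))

def files_to_be_pruned(dumps, current_id, limit=LIMIT_BYTES):
    """Minimum set of oldest dumps whose deletion brings the total below limit."""
    total = sum(d.size for d in dumps)
    doomed = []
    for d in prune_order(dumps, current_id):
        if total < limit:
            break
        doomed.append(d)
        total -= d.size
    return doomed

def sequence_gaps(dumps, current_id):
    """Sequence ranges for current_id that no dump in the listing covers."""
    mine = sorted((d for d in dumps if d.clusterid == current_id),
                  key=lambda d: d.firstseq)
    return [(a.lastseq + 1, b.firstseq - 1)
            for a, b in zip(mine, mine[1:]) if b.firstseq > a.lastseq + 1]

# Constructed listing (name, size in MiB); IDs and timestamps are made up.
MB = 1024 * 1024
SAMPLE = [parse_dump(n, s * MB) for n, s in [
    ("auditlog_0_499_20220819012604_00000200A0B0C0D0", 90),
    ("auditlog_500_999_20220901101500_00000200A0B0C0D0", 80),
    ("auditlog_1500_1999_20220920080000_00000200A0B0C0D0", 30),
    ("auditlog_7000_7200_20210101000000_00000200FFFFFFFF", 10),
]]
```

Any file that files_to_be_pruned returns should be copied to external storage before the next daily cleanup, and a range from sequence_gaps marks entries missing from the collected set.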

The dumpauditlog command displays the information with one field per line. The lsdumps command displays a list of the audit log dumps that are available on the nodes in the clustered system.

A sample audit log entry:
Auditlog Entry 0
	Sequence Num		: 0
	Timestamp		: Fri Aug 19 01:26:04 2022
			: Epoch + 1660872364
	Cluster User		: superuser
	Challenge		: 
	SSH IP Address		: x.xxx.xx.xxxx
	Result Code		: 0
	Result Obj ID		: 
	Action Cmd		: svctask setlocale -locale 10
	Source_Panel		: 
	Target_Panel		: 
	Initiator		: user
	Initiator ClusterID	: 
	Initiator Parent Seq No	: 
	Parent Seq No		: 
	Origin			: CLI

An invocation example

dumpauditlog

The resulting output:

No feedback