Exporting audit data

Edit online

IBM® Power® Virtualization Center provides auditing support for PowerVC services. Use the powervc-audit-export command to export audit data to a specified file.

An audit record is a recording of characteristics, including user ID, timestamp, activity, location, and so on, of each request made by PowerVC. Reviewing audit records is helpful when you are trying to solve problems or resolve errors. For example, if a host was deleted and you need to determine the user that deleted it, the audit records would tell you.

The powervc-audit-export command is located in the /usr/bin directory.

Complete the following steps to export PowerVC audit data. For details about the available options, run powervc-audit-export --help.
  1. Open a command-line interface to the operating system on the virtual machine on which IBM PowerVC is installed.
  2. Navigate to the /usr/bin directory.
  3. Run the powervc-audit-export command with any needed options.
    Examples:
    • Export audit records in JSON format to file /user's_home_directory/myexport_file:

      /usr/bin/powervc-audit-export -o myexport_file

    • Export audit records in csv format to file /user's_home_directory/myexport_file.csv for another user 'Michael':

      /usr/bin/powervc-audit-export -o myexport_file.csv -u michael -x csv

    • Export the first ten request/response audit record pairs in JSON format to file /tmp/first10_file.json:

      /usr/bin/powervc-audit-export -o /tmp/first10_file.json -n 10

    • Export audit records in csv format to file /user's_home_directory/myexport_file.abc for another user 'Susan' and using filter file /tmp/myfilter:

      /usr/bin/powervc-audit-export -o myexport_file.abc -u susan -x csv -f /tmp/myfilter

      Following is an example of the contents of a filter file in JSON format that you could use to receive only audit entries corresponding to the nova API and the user root:
      [
    {
        "q.field": "service",
        "q.op": "eq",
        "q.value": "nova-api" 
    }, 
    { 
        "q.field": "initiator_name", 
        "q.op": "eq", 
        "q.value": "root" 
    } 
]
When the export operation completes, a new file containing the outputted audit data and with the default or specified file name resides in the default or specified location.