Audit logs
The audit log provides the audit records for actions that are performed on your tenant. Logs are retained for 15 days from the date on which the user performed the action, and can be downloaded in CSV format or with the REST API. Audit logs are in the Cloud Auditing Data Federation (CADF) standard format. For privacy, the audit logs contain the masked email addresses of the users who performed the action.
You can download the audit logs from the IBM® Storage Insights GUI or by using the IBM Storage Insights REST APIs.
Downloading audit logs from IBM Storage Insights menu
You can download the audit logs of the actions that were performed in your IBM Storage Insights tenant. The logs for various actions performed in the last 15 days are available to download in CSV format.
See Table 2 for the user actions that are included in the logs. Users with the Tenant administrator role can download and view the events that are captured in the audit log for the tenant, but users with the Monitor role cannot download the audit logs.
Downloading audit logs using IBM Storage Insights REST API
The API requires a token that is generated by using the REST API key.
GET: https://insights.ibm.com/restapi/v1/tenants/<tenant-id>/auditlogs
Header: x-api-token: <token_generated_using_rest_api_key>
For more information about generating the REST API key, see Generating a REST API key.
After the REST API key is generated, create the API token. For more information about generating the token, see Generate an API Token.
Only an admin user can execute the audit logs API. It returns the audit log records for actions that the admin user performs.
For more information about audit log API, see Swagger documentation.
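Because logs are retained for only 15 days, a scheduled pull into your own archive is the usual way to keep a longer record. The following is an added example (not IBM's code) that builds the request with the endpoint and `x-api-token` header shown above, merges overlapping pulls without duplicates, and measures how much coverage was lost if a pull was missed. It assumes the response body is a JSON array of CADF events that each carry an `id` field; the function names and sample records are constructed for illustration.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

URL = "https://insights.ibm.com/restapi/v1/tenants/{tenant_id}/auditlogs"
RETENTION = timedelta(days=15)  # server-side retention stated on this page

# CONSTRUCTED sample records (assumed CADF-style fields); scheduled pulls
# overlap, so the same event id can appear more than once.
SAMPLE = [
    {"id": "evt-001", "eventTime": "2024-05-01T08:00:00Z", "action": "authenticate", "outcome": "success"},
    {"id": "evt-002", "eventTime": "2024-05-01T08:05:00Z", "action": "create", "outcome": "success"},
    {"id": "evt-001", "eventTime": "2024-05-01T08:00:00Z", "action": "authenticate", "outcome": "success"},
]

def build_request(tenant_id, token):
    """GET request for the audit log endpoint, authenticated with x-api-token."""
    return urllib.request.Request(
        URL.format(tenant_id=tenant_id),
        headers={"x-api-token": token},  # urllib stores the name as "X-api-token"
        method="GET",
    )

def fetch_records(tenant_id, token):
    """Call the API. ASSUMPTION: the body is a JSON array of CADF events."""
    with urllib.request.urlopen(build_request(tenant_id, token), timeout=30) as resp:
        return json.load(resp)

def merge(archive, records):
    """Store records keyed by their 'id'; return how many were new."""
    added = 0
    for rec in records:
        if rec["id"] not in archive:
            archive[rec["id"]] = rec
            added += 1
    return added

def coverage_gap(last_pull, now):
    """Span of events already purged by the server since the last pull."""
    return max(now - last_pull - RETENTION, timedelta(0))

if __name__ == "__main__":
    archive = {}
    print("new records:", merge(archive, SAMPLE))
    last = datetime(2024, 5, 1, tzinfo=timezone.utc)  # constructed timestamps
    print("lost coverage:", coverage_gap(last, last + timedelta(days=20)))
```

Alert on any non-zero `coverage_gap`, since it marks a period for which no audit evidence can be recovered from the service.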
Security aspects
The following table describes which user can see which audit messages:
User role | Access to audit logs and content |
---|---|
Administrator role | Users with the Tenant administrator role can download and see all the audit events that are captured for the tenant. |
Monitor role | Users with the Monitor role do not have access to audit log functionality. |
Audit Actions
The following table describes the user actions which are included in the logs:
Feature | Action |
---|---|
Login or Logout |
|
Switch or Fabric |
|
Alert management |
|
REST API token management |
|
Inline threat detection configuration |
|
Hosts |
|
Report management |
|
Storage systems (both DC and Call home with cloud services) |
|
Ticket management |
|
User actions from GUI |
|