The audit log is an important tool that you can use to keep track of operations, to monitor security, to investigate the cause of errors, and to avoid potential errors.
Audit logs are created on the SVP computer in the storage system. You can access the audit logs that are output by the SVP, but the SVP is accessible only by support personnel.
Audit logs store the following histories:
- Operations performed from a Device Manager - Storage Navigator computer or an SVP.
- Commands that the storage system received from a host, a computer using CCI, or a host using Business Continuity Manager.
- Operations and events about encryption keys for data encryption.
- Operations for Maintenance Utility
The history may not be output in chronological order. This history includes the user, the time of the operation, the name of the operation, any parameters set, and the end result (normal completion or error message). Each audit log file ends with a serial number, from 0,000,000,000 to 4,294,967,295. When the number reaches 4,294,967,295, it resets and starts over at 0,000,000,000.
There are two types of audit log files:
- Audit log file, which consists of two files:
- Auditlog information file 1 contains operations performed from the Device Manager - Storage Navigator computer or SVP, operations about encryption keys, and operations for Mainteance Utility.
- Auditlog information file 2 contains commands sent from a host, a computer using CCI, or a host using Business Continuity Manager, and events about encryption keys.
You can download them to your Device Manager - Storage Navigator computer or transfer to a primary or secondary FTP server.
- Syslog file. This file contains the audit log. You can download it to your
Device Manager - Storage Navigator computer or transfer it to a primary or secondary syslog server.
The syslog file has two types of formats: RFC3164-compliant and RFC5424-compliant. You can select either of the formats when downloading syslog files and transferring syslog files to syslog servers.