Audit logs for embedded CCI

Storage Advisor Embedded User Guide

Version
93-07-2x
88-08-12
Audience
anonymous
Part Number
MK-97HM85022-25
The audit logs for embedded CCI are created when the SSH connection is opened or closed and when raidcom commands are used. The audit logs are stored in the storage system (on the GUM processor).
  • When you open an SSH connection to the GUM processor:
    GUM,[BASE],Login,,Normal end,Seq.=xxxxxxxxxx
  • When you close an SSH connection to the GUM processor:
    GUM,[BASE],Logout,,Normal end,Seq.=xxxxxxxxxx

The IP address of the SSH client is output as the host identification value.

The audit logs for embedded CCI commands are output in the same format as the audit logs for host-based CCI. The IP address of the GUM processor is output as the host identification value.

You can use the embedded CCI audit logs to identify the user client who executed a raidcom command. To identify the user client who executed an embedded CCI command:
  1. Refer to the embedded CCI audit logs to determine the user name of the user who executed the command and the date and time at which the command was executed.
  2. In the audit logs of the storage system, locate the Login operation that meets all of the following conditions:
    • The Login operation was performed earlier than the time at which the command was executed (determined in step 1).
    • The Logout operation was not performed earlier than the time at which the command was executed (determined in step 1).
  3. In the log of the Login operation that you located in step 2, locate the host identification. The host identification value is the IP address of the SSH client from which the command was executed.