Audit logs are stored in the cluster primary node (primary). As shown in the following figure, you can obtain the logs by either of the following means:
-
Configure transfer of audit logs to the syslog server and obtain the logs from the transfer destination syslog server.
-
Audit logs are transferred to the syslog server as text data.
-
Rsyslog 8 is supported as a syslog server.
-
Audit logs created after syslog transfer settings were made are transferred to the syslog server. Audit logs created before syslog transfer settings were made are not transferred to the syslog server.
-
For details about syslog transfer settings, see Editing Syslog transfer settings of audit logs (CLI or REST API).
-
-
Download audit log files compiled by using the REST API or CLI.
-
Audit log files are in the csv format.
-
For the method to compile an audit log into a file by using the API or CLI and then download it, see Downloading an audit log to the controller node (CLI or REST API).
-