SANtricity 11 Manuals (CA08872-010)

to Japanese version

View audit log activity

By viewing audit logs, users with Security Admin permissions can monitor user actions, authentication failures, invalid login attempts, and the user session lifespan.

Before you begin

You must be logged in with a user profile that includes Security admin permissions. Otherwise, the Access Management functions do not appear.

Steps
  1. Select Settings > Access Management.

  2. Select the Audit Log tab.

    Audit log activity appears in tabular format, which includes the following columns of information:

    • Date/Time
      Timestamp of when the storage system detected the event (in GMT).

    • Username
      The user name associated with the event. For any non-authenticated actions on the storage system, "N/A" appears as the user name. Non-authenticated actions might be triggered by the internal proxy or some other mechanism.

    • Status Code
      HTTP status code of the operation (200, 400, etc.) and descriptive text associated with the event.

    • URL Accessed
      Full URL (including host) and query string.

    • Client IP Address
      IP address of the client associated with the event.

    • Source
      Logging source associated with the event, which can be SANtricity System Manager, CLI, Web Services, or Support Shell.

    • Description
      Additional information about the event, if applicable.

  3. Use the selections on the Audit Log page to view and manage events.

    Selection details
    Selection Description

    Show events from the…​

    Limit events shown by date range (last 24 hours, last 7 days, last 30 days, or a custom date range).

    Filter

    Limit events shown by the characters entered in the field. Use quotes ("") for an exact word match, enter OR to return one or more words, or enter a dash ( — ) to omit words.

    Refresh

    Select Refresh to update the page to the most current events.

    View/Edit Settings

    Select View/Edit Settings to open a dialog box that allows you to specify a full log policy and level of actions to be logged.

    Delete events

    Select Delete to open a dialog box that allows you to remove old events from the page.

    Show/hide columns

    Click the Show/Hide column icon sam 1140 ss access columns to select additional columns for display in the table. Additional columns include:

    • Method
      The HTTP method (for example, POST, GET, DELETE, etc.).

    • CLI Command Executed
      The CLI command (grammar) executed for Secure CLI requests.

    • CLI Return Status
      A CLI status code or a request for input files from the client.

    • SYMbol Procedure
      The SYMbol procedure executed.

    • SSH Event Type
      Secure Shell (SSH) events type, such as login, logout, and login_fail.

    • SSH Session PID
      Process ID number of the SSH session.

    • SSH Session Duration(s)
      The number of seconds the user was logged in.

    • Authentication Type
      Types can include Local user, LDAP, SAML, and Access token.

    • Authentication ID
      ID of the authenticated session.

    Toggle column filters

    Click the Toggle icon sam 1140 ss access toggle to open filtering fields for each column. Enter characters within a column field to limit events shown by those characters. Click the icon again to close the filtering fields.

    Undo changes

    Click the Undo icon sam 1140 ss access undo to return the table to the default configuration.

    Export

    Click Export to save the table data to a comma separated value (CSV) file.

Top of Page