dumpauditlog

Use the dumpauditlog command to reset or clear the contents of the in-memory audit log. The contents of the audit log are sent to a file in the /dumps/audit directory on the current configuration node.

Syntax

dumpauditlog

Parameters

There are no parameters.

Description

This command dumps the contents of the audit log to a file on the current configuration node in a system. It also clears the contents of the audit log. This command is logged as the first entry in the new audit log.

Use this command to manually dump the contents of the in-memory audit log to a file on the current configuration node and clear the contents of the in-memory audit log. Use the catauditlog command to display the in-memory audit log.

Audit log dumps are automatically maintained in the /dumps/audit directory. The local file system space is used by audit log dumps and is limited to 200 MB on any node in the system. The space limit is maintained automatically by deleting the minimum number of old audit log dump files so that the /dumps/audit directory space is reduced below 200 MB. This deletion occurs once per day on every node in the system. The oldest audit log dump files are considered to be the ones with the lowest audit log sequence number. Also, audit log dump files with a system ID number that does not match the current one are considered to be older than files that match the system ID, regardless of sequence number.

Other than by running dumps (or copying dump files among nodes), you cannot alter the contents of the audit directory. Each dump file name is generated automatically in the following format:

auditlog_firstseq_lastseq_timestamp_clusterid
where
  • firstseq is the audit log sequence number of the first entry in the log
  • lastseq is the audit sequence number of the last entry in the log
  • timestamp is the timestamp of the last entry in the audit log that is being dumped
  • clusterid is the clustered system ID at the time that the dump was created
  • challenge allows the sra_privileged user to determine who issued a particular command
  • source_panel is the source panel ID in the audit log that is being dumped
  • target_panel indicates the target panel ID in the audit log that is being dumped
The audit log dump files names cannot be changed.

The audit log entries in the dump files contain the same information as displayed by the catauditlog command; however, the dumpauditlog command displays the information with one field per line. The lsdumps command displays a list of the audit log dumps that are available on the nodes in the clustered system.

A sample audit log entry:
Auditlog Entry 0
       Sequence Num    : 0
       Timestamp       : Sun Mar 13 15:22:55 2016
                       : Epoch + 1457882575
       Cluster User    : superuser
       Challenge       :
       SSH IP Address  :
       Result Code     : 0
       Result Obj ID   : 0
       Action Cmd      : satask restartservice -service tomcat
       Source_Panel    : 7830619-2
       Target_Panel    : 7830619-2

An invocation example

dumpauditlog

The resulting output:

No feedback