• MapReduce Service

mrs
  1. Help Center
  2. MapReduce Service
  3. User Guide
  4. MRS Manager Operation Guide
  5. Log Management
  6. Viewing and Exporting Audit Logs

Viewing and Exporting Audit Logs

Scenario

On MRS Manager, view and export audit logs for post-event tracing, fault cause locating, and responsibility classification of security events.

The system records the following log information:

  • User activity information, such as user login and logout, and modifications to system user and system user group information
  • Information about user operation instructions, such as cluster startups and shutdowns, and software upgrades.

Procedure

  • View the audit logs.
    1. On MRS Manager, click Audit to view the default audit logs.

      If the content of the audit log contains more than 256 characters, click the unfold button to unfold audit details and then click log file to download the complete log file.

      • By default, audit logs are displayed in descending order by Occurred On. You can click Operation TypeSeverityOccurred OnUserHostServiceInstance, or Operation Result to change the display mode.
      • You can filter out all audit logs of the same severity in Severity, including both cleared and uncleared alarms.

      Export the audit logs, which contain the following information:

      • Sno: indicates the number of audit logs generated by MRS Manager. The number is incremented by 1 when a new audit log is generated.
      • Operation Type: indicates the type of user operations. User operations are classified into the following scenarios: User_Manager, Cluster, Service, Host, Alarm, Collect Log, Auditlog, Backup And Restoration, TenantUser_Manager is supported only by clusters with Kerberos authentication enabled. Each scenario contains different operation types. For example, Alarms contains Export alarmsClusters contains Start Cluster, and Tenant contains Add Tenant.
      • Severity: indicates the security level of each audit log, including CriticalMajorMinor, and Information.
      • Start Time: indicates the GMT+01:00 or GMT+02:00 time when a user operation starts.
      • End Time: indicates the GMT+01:00 or GMT+02:00 time when a user operation ends.
      • User IP Address: indicates the IP address used by a user.
      • User: indicates the name of a user who performs the operations.
      • Host: indicates the node where a user operation is performed. The information is not saved if the operation does not involve a node.
      • Service: indicates the service on which a user operation is performed. The information is not saved if the operation does not involve a service.
      • Instance: indicates the role instance on which a user operation is performed. The information is not saved if the operation does not involve a role instance.
      • Operation Result: indicates the user operation result, including SuccessfulFailed, and Unknown.
      • Content: indicates execution information of the user operation.
    2. Click Advanced Search. In the audit log search area, set search criteria and click Search to view the desired audit logs. Click Reset to reset search criteria.
      NOTE:

      You can set Start Time and End Time to specify the time range when logs are generated.

  • Export the audit logs.

    In the audit log list, select the check box of a log and click Export, or click Export All.