Audit log screen

About the audit log

The audit log is available through both the controller GUI and the REST API, and records events related to activities, operations, and configuration changes initiated by an authorized user. This includes activities such as:

  • Installing an application (or starting, stopping, uninstalling an application)

  • Modification to a components configuration

  • Installing a license

  • Forming a controller team

Audit log and controller teams 

When controllers are operating in a team, the audit log shows events for all controllers in the team.

About audit log policies

The values for the AuditLogManager component keys determine the alert age-out policies. The following table describes the keys for the AuditLogManager component (com.hp.sdn.adm.auditlog.impl.AuditLogManager).

KeyDefault ValueDescription
trim.auditlog.age

365

Specifies the number of days to retain a log entry. Use this key to implement your record retention policy.

Data type

A number from 31 through 1825.

trim.enabledtrue
true

Specifies that the controller deletes log entries that have exceeded the trim.auditlog.age limit.

false

Specifies that the controller does not delete log entries that have exceeded the trim.auditlog.age limit.

trim.frequency

24

Specifies how often, in hours, the controller is to delete log entries that have exceeded the trim.alert.age limit.

Data type

A number from 8 through 168

Example

Enter 24 to specify that the controller delete aged-out log entries every 24 hours (once per day).

Audit log screen details

Screen componentDescription
Refresh

Updates the log entries displayed on the screen. The controller does not update the display as new entries are generated. Use this action to refresh the display.

User

The user that performed the operation that triggered the log entry

Occurred

A time stamp (in UTC format) indicating when the controller created the log entry.

Activity

The type of activity that triggered the creation of the log entry.

Origin

The application or controller component that generated the log entry.

Data

Detailed information about the log entry.

Controller ID

A hexadecimal number that identifies controller that generated the log entry. When you use controller teaming, this ID enables you to identify which controller in the team generated the alert.

For example, the audit log displays software license and teaming activity:

Audit Log screen example with licensing and teaming activity

Audit Log screen example with licensing and teaming activity

Deleting a log entry

You cannot delete or modify a log entry. The controller deletes entries according to the configured audit log policies. To configure the audit log policies, see “Configuring audit log policies”

Configuring audit log policies

  1. From the Configurations screen, under Component, select the com.hp.sdn.adm.auditlog.impl.AuditLogManager component.

  2. Click Modify.

    The Modify Configuration dialog box appears.

  3. Change the values for the keys. For information about the keys and values for this component, see “About audit log policies”.

  4. Click Apply .

Exporting and archiving audit log data

To retain log records for longer than the trim.auditlog.age limit, you must export the audit log from the controller to a file before the trim.auditlog.age limit is reached. Exporting audit log data does not remove it from persistent storage.

To export the audit log, you must use the REST APIs.