HP OneView User Manual

Monitor the audit logs because they are rolled over periodically to prevent them from getting too
large. Download the audit logs periodically to maintain a long-term audit history.

Each user has a unique logging ID per session, enabling you to follow a user’s trail in the audit
log. Some actions are performed by the appliance and might not have a logging ID.

A breakdown of an audit entry follows:

Description

Token

The date and time of the event

Date/time

The unique identifier of an internal component

Internal component
ID

The organization ID. Reserved for internal use

Reserved

The login domain name of the user

User domain

The user name

User name/ID

The user session ID associated with the message

Session ID

The URI of the task resource associated with the message

Task ID

The client (browser) IP address identifies the client machine that initiated the request

Client host/IP

The result of the action, which can be one of the following values:

•

SUCCESS

•

FAILURE

•

SOME_FAILURES

•

CANCELED

•

KILLED

Result

A description of the action, which can be one of the following values:

•

•

•

•

CANCELED

UNSETUP

LIST

ADD

•

•

•

•

MODIFY

LOGIN

DEPLOY

ENABLE

•

•

•

•

DISABLE

DELETE

LOGOUT

START

•

•

•

•

DONE

SAVE

ACCESS

DOWNLOAD_START

•

•

•

KILLED

SETUP

RUN

Action

A description of the severity of the event, which can be one of the following values, listed in
descending order of importance:

•

INFO

•

NOTICE

•

WARNING

•

ERROR

•

ALERT

•

CRITICAL

Severity

For REST API category information, see the HP OneView REST API Reference in the online help.

Resource category

The resource URI/name associated with the task

Resource URI/name

The output message that appears in the audit log

Message

3.7 Understanding the audit log

49