8 choosing a policy for the audit log – HP OneView User Manual
Page 54
Description
Token
The user session ID associated with the message
Session ID
The URI of the task resource associated with the message
Task ID
The client (browser) IP address identifies the client machine that initiated the request
Client host/IP
The result of the action, which can be one of the following values:
•
SUCCESS
•
FAILURE
•
SOME_FAILURES
•
CANCELED
•
KILLED
Result
A description of the action, which can be one of the following values:
•
•
•
•
CANCELED
UNSETUP
LIST
ADD
•
•
•
•
MODIFY
LOGIN
DEPLOY
ENABLE
•
•
•
•
DISABLE
DELETE
LOGOUT
START
•
•
•
•
DONE
SAVE
ACCESS
DOWNLOAD_START
•
•
•
KILLED
SETUP
RUN
Action
A description of the severity of the event, which can be one of the following values, listed in
descending order of importance:
•
INFO
•
NOTICE
•
WARNING
•
ERROR
•
ALERT
•
CRITICAL
Severity
For REST API category information, see the HP OneView REST API Reference in the online help.
Resource category
The resource URI/name associated with the task
Resource URI/name
The output message that appears in the audit log
Message
Example 1 Sample audit entries: user login and logout
2013-09-16 14:55:20.706 CST,Authentication,,,administrator,jrWI9ych,,,
SUCCESS,LOGIN,INFO,CREDENTIAL,,Authentication SUCCESS
.
.
.
2013-09-16 14:58:15.201 CST,Authentication,,,MISSING_UID,jrWI9ych,,,
SUCCESS,LOGOUT,INFO,CREDENTIAL,,TERMINATING SESSION
3.8 Choosing a policy for the audit log
Choose a policy for downloading and examining the audit log.
The audit log contains a record of actions performed on the appliance, which you can use for
individual accountability. As the audit log gets larger, older information is deleted. To maintain a
long-term audit history, you must periodically download and save the audit log.
For more information about the audit log, see
“Understanding the audit log” (page 53)
54
Understanding the security features of the appliance