Audit logs

The audit log provides audit records for actions that are performed in IBM® Storage Insights. Audit logs are retained for 15 days from the date of action performed by the user and are downloaded in Cloud Auditing Data Federation (CADF) standard format. For privacy, the audit logs contain masked email addresses of the users who perform the actions.

Table 2 shows the user actions which are included in the logs. Users with administrator role can download and view the events that are captured in the audit log. Users with monitor role cannot download the audit logs.

Downloading audit logs from IBM Storage Insights menu

You can download the audit logs by navigating to Help > Download Audit Log menu option in IBM Storage Insights.

Downloading audit logs using IBM Storage Insights REST API

You can download audit logs by using the REST API. The API requires a token that is generated by using the REST API key. The audit logs API can be executed by admin user only. It gives audit log records for actions that the admin user performs.

For more information about auditlogs API, see Swagger documentation.

Security aspects

The following table describes which user can see which audit messages:

Table 1. User role access to audit logs
User role Access to download audit logs
Administrator role Yes
Monitor role No

Audit Actions

The following table describes the user actions which are included in the logs:

Table 2. Audit actions
Feature Action
Login or Logout
  • User login
  • User logout
Switch or Fabric
  • Add a new switch
  • Remove the switch or fabric
Alert management
  • Create alert policy
  • Update alert policy
  • Delete alert policy
  • Acknowledge or unacknowledge alerts
REST API token management
  • REST API key creation
  • Renew security token
Inline threat detection configuration
  • Enable inline threat detection
  • Disable inline threat detection
  • Update threat detection
Hosts
  • Add vCenter
  • Remove vCenter
Report management
  • Create report
  • Update report
  • Remove report
Storage systems
  • Add a new storage system
  • Update a storage system
  • Remove a storage system
Ticket management
  • Create a ticket
  • Upload snap log
  • Update ticket
  • Upload Data Collector (DC) logs (performed by support)
User actions from IBM Storage Insights
  • Stop data collection
  • Update schedule
  • Modify connection
SI_AIOPS_ORCHESTRATION (storage partition migration) Actions are logged as requests and responses
  • Requests from IBM Storage Insights to IBM FlashSystem® during partition migration:
    • initiate
    • abort
    • switch primary (host_rescan_fix)
    • rollback
    • commit
    • fix error
  • Responses from IBM Storage FlashSystem to IBM Storage Insights during partition migration:
    • ACCEPTED
    • REJECTED
Permission management Update the partition management permission
Note: All actions are for the devices that are monitored by either DC or by Call Home with cloud services.