Audit logs
The audit log provides audit records for actions that are performed in IBM® Storage Insights. Audit logs are retained for 15 days from the date of action performed by the user and are downloaded in Cloud Auditing Data Federation (CADF) standard format. For privacy, the audit logs contain masked email addresses of the users who perform the actions.
Table 2 shows the user actions which are included in the logs. Users with administrator role can download and view the events that are captured in the audit log. Users with monitor role cannot download the audit logs.
Downloading audit logs from IBM Storage Insights menu
You can download the audit logs by navigating to IBM Storage Insights.
menu option inDownloading audit logs using IBM Storage Insights REST API
- To generate the REST API key, see Generating a REST API key.
- To generate the REST API token, see Generate an API Token.
For more information about auditlogs API, see Swagger documentation.
Security aspects
The following table describes which user can see which audit messages:
User role | Access to download audit logs |
---|---|
Administrator role | Yes |
Monitor role | No |
Audit Actions
The following table describes the user actions which are included in the logs:
Feature | Action |
---|---|
Login or Logout |
|
Switch or Fabric |
|
Alert management |
|
REST API token management |
|
Inline threat detection configuration |
|
Hosts |
|
Report management |
|
Storage systems |
|
Ticket management |
|
User actions from IBM Storage Insights |
|
SI_AIOPS_ORCHESTRATION (storage partition migration) | Actions are logged as requests and responses
|
Permission management | Update the partition management permission |