Audit log¶
Audit logs help you monitor and record the activities of each user, and provide features for collecting, storing and querying security-related records arranged in chronological order. With the audit log service, you can continuously monitor and retain user behaviors in the Global Management module, including but not limited to user creation, user login/logout, user authorization, and user operations related to Kubernetes.
Features¶
The audit log feature has the following characteristics:
-
Out of the box: When installing and using the platform, the audit log feature will be enabled by default, automatically recording various user-related actions, such as creating users, authorization, and login/logout. By default, 365 days of user behavior can be viewed within the platform.
-
Security analysis: The audit log will record user operations in detail and provide an export function. Through these events, you can judge whether the account is at risk.
-
Real-time recording: Quickly collect operation events, and trace back in the audit log list after user operations, so that suspicious behavior can be found at any time.
-
Convenient and reliable: The audit log supports manual cleaning and automatic cleaning, and the cleaning policy can be configured according to your storage size.
View Audit Logs¶
-
Log in to DCE 5.0 with a user account that has the admin or Audit Owner role.
-
At the bottom of the left navigation bar, click Global Management -> Audit Logs .
User operations¶
On the User operations tab, you can search for user operation events by time range, or by using fuzzy or exact search.
Click the ┇ icon on the right side of an event to view its details.
The event details are shown in the following figure.
Click the Export in the upper right corner to export the user operation logs within the selected time range in CSV or Excel format.
System operations¶
On the System operations tab, you can search for system operation events by time range, or by using fuzzy or exact search.
Similarly, click the ┇ icon on the right side of an event to view its details.
Click the Export in the upper right corner to export the system operation logs within the selected time range in CSV or Excel format.
Settings¶
On the Settings tab, you can clean up audit logs for user operations and system operations.
You can manually clean up the logs, but it is recommended to export and save them before cleaning. You can also set the maximum retention time for the logs to automatically clean them up.
Note
The audit logs related to Kubernetes in the auditing module are provided by the Insight module. To reduce the storage pressure of the audit logs, Global Management by default does not collect Kubernetes-related logs. If you need to record them, please refer to Enabling K8s Audit Logs. Once enabled, the cleanup function is consistent with the Global Management cleanup function, but they do not affect each other.