Understanding the audit log

The audit log contains a record of actions performed on the appliance, which you can use for individual accountability.

You must have Infrastructure administrator privileges to download the audit log.

To download the audit log, see Download audit logs.

Monitor the audit logs because they are rolled over periodically to prevent them from getting too large. Download the audit logs periodically to maintain a long-term audit history.

Each user has a unique logging ID per session, enabling you to follow a user’s trail in the audit log. Some actions are performed by the appliance and might not have a logging ID.

A breakdown of an audit entry follows:

Token    Description

Date/time

The date and time of the event

Internal component ID

The unique identifier of an internal component

Reserved

The organization ID. Reserved for internal use

User domain

The login domain name of the user

User name/ID

The user name

Session ID

The user session ID associated with the message

Task ID

The URI of the task resource associated with the message

Client host/IP

The IP address of the client (browser), which identifies the client machine that initiated the request

Result

The result of the action, which can be one of the following values:

  • SUCCESS

  • FAILURE

  • SOME_FAILURES

  • CANCELED

  • KILLED

Action

A description of the action, which can be one of the following values:

  • ADD

  • MODIFY

  • DELETE

  • ACCESS

  • RUN

  • LIST

  • ENABLE

  • DISABLE

  • SAVE

  • SETUP

  • UNSETUP

  • DEPLOY

  • START

  • DONE

  • KILLED

  • CANCELED

  • LOGIN

  • LOGOUT

  • DOWNLOAD_START

Severity

A description of the severity of the event, which can be one of the following values, listed in descending order of importance:

  • INFO

  • NOTICE

  • WARNING

  • ERROR

  • ALERT

  • CRITICAL

Resource category

For REST API category information, see the HPE OneView REST API Reference.

Resource URI/name

The resource URI/name associated with the task

Message

The output message that appears in the audit log
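The following added example (not HPE code) parses downloaded entries into the tokens listed above, groups them by session ID to follow one user's trail, and counts failed logins per user and client address. It assumes one comma-separated entry per line with tokens in the table's order, and it treats the Session ID token as the per-session logging ID; the field names, the "(no session)" label, and every sample value are constructed for illustration.

```python
from collections import Counter, defaultdict

# Field names are this example's own; their order follows the token table.
FIELDS = ["datetime", "component_id", "reserved", "user_domain", "user_name",
          "session_id", "task_id", "client_ip", "result", "action",
          "severity", "resource_category", "resource_uri", "message"]

# Constructed sample entries, not appliance output. Assumed layout: one
# comma-separated entry per line, tokens in table order.
SAMPLE_LOG = """\
2024-01-10 09:00:01.100 UTC,ExampleComponent,,LOCAL,jdoe,,,192.0.2.10,FAILURE,LOGIN,WARNING,EXAMPLE-CATEGORY,,Authentication failed
2024-01-10 09:00:04.200 UTC,ExampleComponent,,LOCAL,jdoe,,,192.0.2.10,FAILURE,LOGIN,WARNING,EXAMPLE-CATEGORY,,Authentication failed
2024-01-10 09:00:09.000 UTC,ExampleComponent,,LOCAL,jdoe,sess-A1,,192.0.2.10,SUCCESS,LOGIN,INFO,EXAMPLE-CATEGORY,,Authentication succeeded
2024-01-10 09:02:30.000 UTC,ExampleComponent,,LOCAL,jdoe,sess-A1,/example/task/1,192.0.2.10,SUCCESS,DELETE,INFO,EXAMPLE-CATEGORY,/example/resource/1,Deleted resource, as requested
2024-01-10 09:05:00.000 UTC,ExampleComponent,,,,,,,SUCCESS,RUN,INFO,EXAMPLE-CATEGORY,,Scheduled job ran
this line is truncated,ExampleComponent
"""

def parse_entries(text):
    """Return (entries, malformed_lines); each entry is a dict keyed by FIELDS."""
    entries, malformed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Split on the first 13 commas only, so commas inside Message survive.
        parts = line.split(",", len(FIELDS) - 1)
        if len(parts) != len(FIELDS):
            malformed.append(line)  # keep for review instead of guessing
            continue
        entries.append(dict(zip(FIELDS, (p.strip() for p in parts))))
    return entries, malformed

def session_trails(entries):
    """Group entries by session ID; appliance actions may have none."""
    trails = defaultdict(list)
    for e in entries:
        key = e["session_id"] or "(no session)"
        trails[key].append((e["datetime"], e["action"], e["result"], e["resource_uri"]))
    return dict(trails)

def failed_logins(entries):
    """Count LOGIN entries with result FAILURE per (user name, client IP)."""
    return dict(Counter((e["user_name"], e["client_ip"]) for e in entries
                        if e["action"] == "LOGIN" and e["result"] == "FAILURE"))

if __name__ == "__main__":
    entries, bad = parse_entries(SAMPLE_LOG)
    print(session_trails(entries), failed_logins(entries), len(bad))
```

Because the logs roll over, run a check like this against each downloaded copy rather than relying on what is still on the appliance.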

Maintenance console entries

The audit log includes entries for these Maintenance console events:

  • Entries in which no login was required

  • Successful logins

  • Unsuccessful logins

  • Unsuccessful challenge-response authorization attempts

  • Attempted appliance restarts

  • Attempted appliance shutdowns

  • Attempts to reset the administrator password

  • Service console launches and exits