Home > Guides > Dashboard Users Guide > Report > Audit Entries > Actions > Audit Entries

Audit Entries

Objective

View audit trail of informative or valuable troubleshooting data tied to your Deployment

Table of Contents

Overview

Audit entries are created for virtually all actions in an account, such as launching and terminating instances, as well as all commands that are executed on instances to perform operations such as bundling or performing database backups. The audit entries are kept for a "long time" after the actual event in order to provide a comprehensive history of your actions. You may sort by any item in the table, in ascending or descending order. 

Display

Audit Entry Index

By default, when viewing Reports -> Audit Entries the last 14 days are displayed.  They are archived however, and the Displays drop-down menu allows you to look at Audit Entries in a quarterly grouping.  (The most recent quarter/year on top, the oldest available is on the bottom.)

Individual Audit Entries

Displays can be in one of two views:

  1. Structured View - More of a formatted view.  This view is parsed and subsequently formatted, hence it is a bit more readable.  It splits the details of an audit entry into audit entry records.  You can expand/collapse the detailed entries for these records.  For example, you can expand/collapse boot state or package installation entries with a simple mouse click.  (Select the triangle next to the "Details" to either expand or collapse that portion of the Audit Entry.)
  2. Raw Output View - Entire contents of the Audit Entry are passed through for viewing "as is".  The raw output is more exhaustive as it shows all of the output from the logs, not just the portions that were parsed and placed into a Structured View.  In some instances, it is possible that Structured View contains slightly less data.  Data that did not parse well will always be included with the raw output.

Steps

There are several ways to view audit information.  Such as selecting the appropriate entry from any of these locations in the Dashboard:

  • Navigate to ReportAudit Entries
  • Navigate to ManageDeploymentsYourDeploymentAudit tab and select the appropriate entry link
  • Navigate to ManageServers > YourSeverAudit Entries tab
  • Select an Event from the left pane of the Dashboard (Events are similar to "Recent Activity", which has been deprecated.)

 

The following example screen shows the Reports -> Audit Entries index (for a previous quarter):

screen-AuditEntryIndex.png

 

The following screen shows the Structured View of a specific entry from the Audit Entries report shown above (successful completion of a HAProxy disconnect RightScript):

 

screen-AuditEntryStructuredView.png

 

Note that you can also select the Raw Output View action link.  The raw output is not formatted as nicely, but on some occassions it contains more information.  Viewing audit entries is of course quite simple.  Determining what they mean, particularly while troubleshooting/debugging, is something you get better at over time.

You must to post a comment.
Last Modified
22:50, 16 May 2013

Page Rating

Was this article helpful?

Tags


Announcements

UCP Migration

Glossary | 用語용어 Site Map | Site Help Community Corporate Site Get Support Dashboard Login
Doc Feedback Product Feedback Resources MultiCloud Marketplace Forums

Dashboard Status


© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.