The Audit Log stores every single event within your Shoreline cluster, including:
- Alarm and Bot trigger events
- Action executions
- Core object configuration changes
- Access Control and Auth events
- Named Resource creation and update events
- Metric configuration events
- Op Linux command executions
The Audit UI is accessible from the Configuration UI by clicking the Audit card under Administration.
Click the download icon at the top-right to download all currently loaded Audit Log events in CSV format.
Each Audit Log event records vital information related to it and stores it as event object properties.
timestamp is when the event occurred.
In the Audit UI this value is displayed as Operation start time.
By default, the Audit Log is sorted in inverse chronological order, displaying the most recent events at the top.
Click on the Operation start time column name to sort by
details property contains a detailed description of the event. Some examples include:
Create File file_26394446492254e0547e7d39a86c7379 Update File file_5fbc2cc72a7d8a4237374b46d7918615 Delete Alarm high_cpu_alarm Trigger Alarm high_disk_usage_alarm
Linux command execution
User permission changes via Access Control, e.g.:
Update User permission firstname.lastname@example.org
status property indicates the status of the event. The possible values are:
The Audit UI displays this value in the Operation status column.
Click the Operation status column header to sort and filter by
user property indicates the authenticated Shoreline user that triggered the event. This value typically displays the primary identifier of the user, such as their email address.
For events invoked by Shoreline and not caused by a person, the
user property displays a
The User column in the Audit UI displays the triggering user. Click the User column header to sort and filter by
Possible values are:
resourceName property returns all Resources affected by the event.
The Resource type column displays the
resourceType property within the Audit UI.
If only a single Resource was impacted by the event then clicking on the Resource type link automatically forwards you to the Resources UI with that specific Resource filtered in the view. When multiple Resources have been affected, a Multiple link is displayed.
information property returns any extra details about the Audit Log event.
For Linux command events, for example, the
information property shows the command that executed and its status, e.g.:
Command `ls /tmp/scripts` succeeded. Command `ls /tmp/scripts` exited with status 2. Stderr: ls: cannot access '/tmp/scripts': No such file or directory
The Audit entry details column displays
information values in the Audit UI. Clicking on the Audit entry details link opens the EVENT DETAILS dialog and shows a bit of information about the event and the full command text.