| Workload location | Block storage |
| Audit log source | Block storage |
| Example audited operations |
Create a volume
| Fields in the log entry that contain audit information | ||
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | message.user.identity | For example, "message":"{"user":{"identity":"root-admin-client-cert"}} |
| Target (Fields and values that call the API) | message.action | For example, "message":"{"action":"volume-create"}" |
| Action (Fields containing the performed operation) | action | For example,
|
| Event timestamp | time | For example,
|
| Source of action | message.sourceIPs | For example, "message":"{"sourceIPs":["10.252.143.2"]}" |
| Outcome | message.response | For example, "message":"{"response":"success"}" |
| Other fields | Not applicable | Not applicable |
Example log
{ "pri":"14", "time":"2022-12-07T13:46:49.133781Z", "host":"storage", "ident":"storage", "pid":"-", "msgid":"-", "extradata":"-", "message":"{"time":"2022-12-07T13:40:18Z","auditID":"90199274229","user":{"identity":"root-admin-client-cert"},"resource":"{"Application":"ontapi","Hostname":"zh-ad-stge02-02","StorageVirtualMachine":"root-admin"}","action":"volume-create","sourceIPs":["10.252.143.2"],"response":"success","_gdch_org":"root-admin"}", "_gdch_cluster":"root-admin", "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-vn8f9", "_gdch_service_name":"admin-audit-logs" } Set the size of a volume
| Fields in the log entry that contain audit information | ||
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | message.user.identity | For example, "message":"{"user":{"identity":"root-admin-client-cert"}} |
| Target (Fields and values that call the API) | message.action | For example, "message":"{"action":"volume-size"}" |
| Action (Fields containing the performed operation) | action | For example,
|
| Event timestamp | time | For example,
|
| Source of action | message.sourceIPs | For example, "message":"{"sourceIPs":["10.252.143.2"]}" |
| Outcome | message.response | For example, "message":"{"response":"success"}" |
| Other fields | Not applicable | Not applicable |
Example log
{ "pri":"14", "time":"2022-12-07T13:46:49.135968Z", "host":"storage", "ident":"storage", "pid":"-", "msgid":"-", "extradata":"-", "message":"{"time":"2022-12-07T13:46:36Z","auditID":"120264072202","user":{"identity":"root-admin-client-cert"},"resource":"{"Application":"ontapi","Hostname":"zh-ad-stge03-01","StorageVirtualMachine":"root-admin"}","action":"volume-size","sourceIPs":["10.252.143.2"],"response":"success","_gdch_org":"root-admin"}", "_gdch_cluster":"root-admin", "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-vn8f9", "_gdch_service_name":"admin-audit-logs" } Delete a volume
| Fields in the log entry that contain audit information | ||
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | message.user.identity | For example, "message":"{"user":{"identity":"root-admin-client-cert"}} |
| Target (Fields and values that call the API) | message.action | For example, "message":"{"action":"volume-destroy"}" |
| Action (Fields containing the performed operation) | action | For example,
|
| Event timestamp | time | For example,
|
| Source of action | message.sourceIPs | For example, "message":"{"sourceIPs":["10.252.143.2"]}" |
| Outcome | message.response | For example, "message":"{"response":"success"}" |
| Other fields | Not applicable | Not applicable |
Example log
{ "pri":"14", "time":"2022-12-07T13:46:49.136236Z", "host":"storage", "ident":"storage", "pid":"-", "msgid":"-", "extradata":"-", "message":"{"time":"2022-12-07T13:46:37Z","auditID":"90203137689","user":{"identity":"root-admin-client-cert"},"resource":"{"Application":"ontapi","Hostname":"zh-ad-stge01-02","StorageVirtualMachine":"root-admin"}","action":"volume-destroy","sourceIPs":["10.252.143.2"],"response":"success","_gdch_org":"root-admin"}", "_gdch_cluster":"root-admin", "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-vn8f9", "_gdch_service_name":"admin-audit-logs" }