Audit Logs
The Audit Logs page records all events that occur in SiteContinuity. The following details are recorded:
- Impacted systems
- Timestamp of the event
- User associated with the action
The audit logs include system events, such as an audit trail of:
- Read or write actions performed by the users on your Cohesity clusters.
- Login and logout actions performed by the Helios users in SiteContinuity.
Configure Audit Log
By default, audit logs are enabled on SiteContinuity. You can configure the following settings based on your requirements:
- Log retention period.
- Capture read logs of specific user roles on the Cohesity clusters.
Set Log Retention Period for Audit Logs
Audit logs are retained in SiteContinuity for 180 days by default, but you can change this to any period between 90 and 365 days.
To set a retention period for audit logs:
- In SiteContinuity, navigate to Audit Logs and click the Settings tab.
- Under Settings, click the Edit icon for Log Retention Period.
- Enter the desired number and choose a type of retention period (days, weeks, months, or years).
Weeks or months are converted into days, and that number is displayed as the Log Retention Period. If you enter a value that is less than 90 days or more than 365 days, the change fails when you save it and the setting reverts to its existing value.
- Select the icon to save.
A notification with the message Settings Updated appears briefly.
Capture Read Actions for Specific User Roles
You can configure SiteContinuity to capture read action logs for specific user roles on your Cohesity clusters.
To specify user roles for read action logs:
- Navigate to Audit Logs and click the Settings tab.
- Under Settings, click the Edit icon for Logs for Read Actions.
- Select a role.
- Click the Add icon to add more roles.
- Click the Save icon.
A notification with the message Settings Updated appears briefly.
The roles you selected for capture are listed under Logs for Read Actions.
View Audit Logs
On the Audit Logs page in SiteContinuity, click the Audit Logs tab to view the audit logs, where you can find the following events as logged by the Cohesity clusters or Helios services:
- Date
- Time
- User and action
- System (cluster IP or Helios service)
By default, only the write actions performed by the users on Cohesity clusters are displayed on the Audit Logs page. To see read actions, select Read Actions from the Actions filter and click Apply.
Use Filters to Locate Specific Logs
Use the filters to narrow the listed audit logs and locate the specific logs you’re looking for.
The filters are:
- Date Range. Filter the audit logs based on the selected time window.
- System. Filter the audit logs based on the cluster(s) or Helios service.
- Users. View the audit trails of specific users.
- Category. Filter the audit logs based on predefined categories. All cluster audit logs are logged under one of the predefined categories (Application, DR Plan, Sites) so that you can find and analyze the relevant logs quickly.
- Action. Filter the audit logs based on the read or write actions performed by the users on the Cohesity clusters that are managed in Helios. See Logged Actions.
Logged Actions
Along with the read actions, the following write actions are logged:
Write Actions | Description |
---|---|
Activate | A user activated an entity, such as a DR plan. |
Create | A user created an entity, such as a site. |
Delete | A user deleted an entity, such as a DR plan, application, or site. |
Failback | A user triggered a failback operation on a DR plan. |
Failover | A user triggered a failover operation on a DR plan. |
Login | A user logged in to Helios. |
Logout | A user logged out of Helios. |
Modify | A user modified an entity, such as a DR plan or application. |
PrepareFailover | A user triggered a prepare-for-failover operation on a DR plan. |
TestFailover | A user triggered a Test Failover operation on a DR plan. |
PrepareFailback | A user triggered a prepare-for-failback operation on a DR plan. |
TestFailback | A user triggered a Test Failback operation on a DR plan. |
Teardown | A user triggered a Teardown operation on a DR plan. |
Cancel | A user canceled an ongoing operation on a DR plan. |
Resume | A user resumed an operation on a DR plan. |
ForceFinish | A user triggered a force finish on a failed failover or failback operation on a DR plan. |
Download Audit Logs
You can download the Audit Logs in SiteContinuity for analysis and sharing.
To download audit logs:
- In SiteContinuity, navigate to Audit Logs.
- In the top right, click the Download icon next to Logs.
The download of the file in CSV format is initiated.
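One way to triage a downloaded CSV offline, as an added example that is not part of the SiteContinuity documentation or product: it flags the write actions from the Logged Actions table that remove entities or change DR state, and those that happen shortly after the same user's Login. The column names (Date, Time, User, Action, System), the date and time formats, and the choice of which actions count as high impact are assumptions; match them to the header row of your own export.

```python
import csv
import io
from datetime import datetime, timedelta

# Write actions from the Logged Actions table treated here as high impact
# (assumption: adjust the set to your own review policy).
HIGH_IMPACT = {"Delete", "Failover", "Failback", "Teardown", "ForceFinish", "Cancel"}

# Constructed sample export. Header names and date/time formats are assumptions.
SAMPLE_CSV = """Date,Time,User,Action,System
2024-03-01,09:00:12,alice@example.com,Login,Helios
2024-03-01,09:05:40,alice@example.com,Modify,10.0.0.5
2024-03-01,22:14:03,bob@example.com,Login,Helios
2024-03-01,22:15:10,bob@example.com,Delete,10.0.0.5
2024-03-01,22:16:45,bob@example.com,Teardown,10.0.0.6
2024-03-02,10:30:00,carol@example.com,TestFailover,10.0.0.5
"""

def parse_rows(text):
    """Return (timestamp, user, action, system) tuples sorted by time."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        ts = datetime.strptime(f"{r['Date']} {r['Time']}", "%Y-%m-%d %H:%M:%S")
        rows.append((ts, r["User"].strip(), r["Action"].strip(), r["System"].strip()))
    return sorted(rows)

def high_impact_events(rows):
    """Return every event whose action is in HIGH_IMPACT."""
    return [e for e in rows if e[2] in HIGH_IMPACT]

def soon_after_login(rows, window=timedelta(minutes=5)):
    """Return high-impact events within `window` of the same user's latest Login."""
    last_login, hits = {}, []
    for ts, user, action, system in rows:
        if action == "Login":
            last_login[user] = ts
        elif action == "Logout":
            last_login.pop(user, None)  # session ended; stop correlating
        elif action in HIGH_IMPACT and user in last_login and ts - last_login[user] <= window:
            hits.append((ts, user, action, system))
    return hits

if __name__ == "__main__":
    events = parse_rows(SAMPLE_CSV)
    for ts, user, action, system in soon_after_login(events):
        print(f"{ts.isoformat()} {user} {action} on {system} shortly after login")
```

Read actions appear in the export only if they were captured for the user's role and included in the Actions filter, so a quiet result for read activity is not evidence that none occurred.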