EGO audit logs

EGO events related to consumers and services, users, and core operations can be collected and stored in audit logs.

Specify the location of audit log files with the parameter EGO_AUDIT_LOGDIR in ego.conf. To enable audit logs, set EGO_AUDIT_LOG=Y in ego.conf.

| Component/object | Logged event/action | Audit log file name (Windows) | Audit log file name (Linux/UNIX) |
|---|---|---|---|
| EGO service | Start; Stop | %EGO_CONFDIR%\..\..\audits\egoservice.audit.log | $EGO_CONFDIR/../../audits/egoservice.audit.log |
| Host | Open; Close | %EGO_CONFDIR%\..\..\audits\ego.audit.log | $EGO_CONFDIR/../../audits/ego.audit.log |
| User | Add; Modify; Delete; Assign a new role; Unassign a role; Log on from GUI/CLI; Log off from GUI/CLI; Log on fail from GUI/CLI/API | %EGO_CONFDIR%\..\..\audits\ego.audit.log | $EGO_CONFDIR/../../audits/ego.audit.log |
| Consumer | Add; Modify; Delete; Change resource plan | %EGO_CONFDIR%\..\..\audits\ego.audit.log | $EGO_CONFDIR/../../audits/ego.audit.log |

Audit log file format

Both EGO audit log files present logged events in the same format. An example is provided here for each of the EGO components and corresponding events.

| DATE/TIME | TYPE | USER | OBJECT | ID | ACTION | DETAIL |
|---|---|---|---|---|---|---|
| time_stamp | CONTROL | user_name | SERVICE | service_name | started | - |
| time_stamp | CONTROL | user_name | SERVICE | service_name | stopped | - |
| time_stamp | CONTROL | user_name | SERVICE | service_name | start_failed | error_msg |
| time_stamp | CONTROL | user_name | SERVICE | service_name | stop_failed | error_msg |
| time_stamp | CONTROL | user_name | HOST | host_name | opened | - |
| time_stamp | CONTROL | user_name | HOST | host_name | closed | - |
| time_stamp | CONTROL | user_name | HOST | host_name | removed | - |
| time_stamp | CONTROL | user_name | HOST | host_name | open_failed | error_msg |
| time_stamp | CONTROL | user_name | HOST | host_name | close_failed | error_msg |
| time_stamp | CONTROL | user_name | HOST | host_name | remove_failed | error_msg |
| time_stamp | CONFIG | user_name | USER | user_name | created | user_info |
| time_stamp | CONFIG | user_name | USER | user_name | modified | user_info |
| time_stamp | CONFIG | user_name | USER | user_name | deleted | - |
| time_stamp | CONFIG | user_name | USER | user_name | assigned | details |
| time_stamp | CONFIG | user_name | USER | user_name | un-assigned | details |
| time_stamp | SECURITY | user_name | USER | user_name | logon | caller_ip |
| time_stamp | SECURITY | user_name | USER | user_name | logoff | caller_ip |
| time_stamp | CONFIG | user_name | USER | user_name | create_failed | error_msg |
| time_stamp | CONFIG | user_name | USER | user_name | modify_failed | error_msg |
| time_stamp | CONFIG | user_name | USER | user_name | delete_failed | error_msg |
| time_stamp | CONFIG | user_name | USER | user_name | assign_failed | error_msg |
| time_stamp | CONFIG | user_name | USER | user_name | un-assign_failed | error_msg |
| time_stamp | SECURITY | - | USER | who_string* | logon_fail | caller_ip |
| time_stamp | CONFIG | user_name | CONSUMER | consumer_name | added | details |
| time_stamp | CONFIG | user_name | CONSUMER | consumer_name | modified | details |
| time_stamp | CONFIG | user_name | CONSUMER | consumer_name | deleted | - |
| time_stamp | CONFIG | user_name | CONSUMER | consumer_name | add_failed | error_msg |
| time_stamp | CONFIG | user_name | CONSUMER | consumer_name | modify_failed | error_msg |
| time_stamp | CONFIG | user_name | CONSUMER | consumer_name | delete_failed | error_msg |
| time_stamp | CONFIG | user_name | CPUPLAN | consumer_name | modified | details |
| time_stamp | CONFIG | user_name | CPUPLAN | consumer_name | modify_failed | error_msg |

Note:

*As the user name cannot be acquired when a logon fails, a who_string is instead logged with the format port@ip.

Note:

With the exception of egosh user logon and egosh user logoff, three events are logged for commands: logon, the command, logoff. This is because authentication is required for command-line interfaces. For the commands egosh user logon and egosh user logoff, only two events are logged: logon and logoff.
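
The following is an added example, not part of the product documentation: a small Python reviewer for ego.audit.log that counts logon_fail events per caller_ip and lists role assignments, using the seven columns from the format table above. The page does not show the on-disk field separator or time stamp layout, so whitespace-separated fields with a single-token time stamp are assumptions, and the sample records and their DETAIL text are constructed.

```python
from collections import Counter, namedtuple

# Column order from the "Audit log file format" table on this page.
AuditEvent = namedtuple("AuditEvent", "time type user object id action detail")

def parse_line(line):
    """Split one record into the seven documented columns.

    Assumption (not stated on the page): columns are whitespace-separated, the
    time stamp is one token, and DETAIL is the remainder of the line.
    """
    parts = line.strip().split(None, 6)
    if len(parts) < 6:
        return None  # blank or truncated line
    parts += ["-"] * (7 - len(parts))  # tolerate a missing DETAIL column
    return AuditEvent(*parts)

def review(lines, fail_threshold=3):
    """Return (caller IPs with >= fail_threshold logon_fail events, role changes)."""
    fails, role_changes = Counter(), []
    for ev in filter(None, map(parse_line, lines)):
        if ev.type == "SECURITY" and ev.action == "logon_fail":
            # USER is "-" and ID is a who_string (port@ip), so key on DETAIL (caller_ip).
            fails[ev.detail] += 1
        elif ((ev.type, ev.object) == ("CONFIG", "USER")
              and ev.action in ("assigned", "un-assigned")):
            role_changes.append((ev.time, ev.user, ev.id, ev.action, ev.detail))
    # Successful logon/logoff events are skipped: each CLI command is wrapped in a pair.
    return {ip: n for ip, n in fails.items() if n >= fail_threshold}, role_changes

# Constructed sample records (not real EGO output); the DETAIL text is made up.
SAMPLE = """\
2024-05-01T10:00:01 SECURITY - USER 40112@198.51.100.7 logon_fail 198.51.100.7
2024-05-01T10:00:03 SECURITY - USER 40113@198.51.100.7 logon_fail 198.51.100.7
2024-05-01T10:00:05 SECURITY - USER 40115@198.51.100.7 logon_fail 198.51.100.7
2024-05-01T10:02:10 SECURITY - USER 51000@192.0.2.10 logon_fail 192.0.2.10
2024-05-01T10:05:00 SECURITY Admin USER Admin logon 192.0.2.10
2024-05-01T10:05:00 CONFIG Admin USER alice assigned role=cluster_admin
2024-05-01T10:05:01 SECURITY Admin USER Admin logoff 192.0.2.10
"""

if __name__ == "__main__":
    noisy, changes = review(SAMPLE.splitlines())
    print("repeated logon failures by caller IP:", noisy)
    print("role changes:", changes)
```

Adjust parse_line to the separator your installation actually writes before pointing it at a real audit file.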