Gateway's audit log of user actions is designed for machine parsing so it can be used for auditing, compliance monitoring, API request analysis, and SLA reporting.
...
Field Name | Description |
|---|---|
Auth Domain | Tenant or storage domain name used to authenticate user; tenant names prefixed with "+" |
Auth User | User ID used to authenticate; empty if anonymous |
Bucket | Name of bucket |
DNS Domain | Origin DNS domain; value of Host header from the request |
Domain | Swarm domain name to which operation refers to |
Elapsed Time | Transaction time in milliseconds |
HTTP Code | Request response code. Exceptions in request handling return a 500. All SCSP requests that have authorization errors output a 401. |
Log Level | Logging level for the audit log entry |
Message Type | Message category to simplify filtering |
Object Name or UUID | Named of object, excluding bucket name, or UUID for unnamed streams |
Operation | The operation. Examples: POST, HEAD, DELETE, INVOKE |
Record Format Version | Audit log record format version. This will change if format of the output records is different from the previous release. |
Request ID | A unique identifier for client request attached to all associated audit messages. This value matches the HTTP response header Gateway-Request-Id given to the client and is used in the server log. |
Response Bytes | Number of bytes sent to Source IP in the HTTP response body |
Source Bytes | Number of bytes received from Source IP in the message body |
Source IP | IP address from which a request originated |
Timestamp | High resolution timestamp up to millisecond |
...
Interrupted GET — When a GET operation is interrupted, such as if the socket closed unexpectedly prior to reading all data, the audit log may record an HTTP 200 response with response bytes equal to the size of the object. When interruption takes place, an HTTP 500 response is logged with response bytes equal to the actual number of bytes that were transmitted.
Duplicate Request IDs — All messages will have the same Request ID so they can be correlated with the client request if multiple messages are logged from one client operation. For example, the recursive delete operation will generate synthetic delete requests all with the same Request ID.
INVOKE operations — The optional feature Video Clipping (v11.0) logs INVOKE operations. Each video clipping event logs multiple events to provide auditing through the process, which may take a while to complete. When you create a video clip, Gateway acknowledges the request with an INVOKE message. See Video Clipping for Partial File Restore.
Application-Supplied Tag
Gateway's audit logging allows for the client application to supply a custom tag that can be used to correlate multiple audit log entries to one application-level transaction. The application specifies this tag in a Gateway-Audit-Id request header and it must be alpha-numeric and is truncated at 32 characters. When this optional tag is received, the Request ID field of the audit log entry will contain the automatically-generated request identifier from the Gateway, a dash ("-"), and the application-supplied tag.
...