Audit Logs for Filesystem, Table, and Stream Operations
These types of audit log record operations that are managed by the mfs service, MapR-DB, and MapR Streams. These operations take place within volumes and have effects at the level of the MapR filesystem.
These audit logs are stored in a system volume created specifically to store them. This
volume is created automatically during cluster installations and upgrades. Operations
are logged on the nodes on which the operations are executed, which could differ from
the nodes where operations are initiated. Logs are stored in the MapR file system at
/var/mapr/local/<node_name>/audit/
.
Audit logs for operations on directories and files
Operations on directories and files, as well as the deletion of MapR-DB tables, are
logged in files that have this naming convention:
FSAudit.log.json-dd-mm-yyyy-<001-999>
To see what information is recorded in typical log entries, see Example Log Entries for Audited Filesystem Operations.
Audit logs for operations on MapR-DB tables and MapR streams
All operations on MapR-DB tables and MapR streams are logged in files that have this
naming convention: DBAudit.log.json-dd-mm-yyy-<001-999>
Operations that result from maprcli commands, REST calls, or activity in the MapR
Control Service are also logged in
/opt/mapr/mapr-cli-audit-log/audit.log.json
in the local filesystem
on the nodes where the operations are processed.
To see what information is recorded in typical log entries, see Example Log Entries for Audited Operations on MapR-DB Tables.
FSAudit.log.json
, rather than in
DBAudit.log.json
.