Audit Logs for Filesystem, Table, and Stream Operations

These types of audit log record operations that are managed by the mfs service, MapR-DB, and MapR Streams. These operations take place within volumes and have effects at the level of the MapR filesystem.

These audit logs are stored in a system volume created specifically to store them. This volume is created automatically during cluster installations and upgrades. Operations are logged on the nodes on which the operations are executed, which could differ from the nodes where operations are initiated. Logs are stored in the MapR file system at /var/mapr/local/<node_name>/audit/.

Audit logs for operations on directories and files

Operations on directories and files, as well as the deletion of MapR-DB tables, are logged in files that have this naming convention: FSAudit.log.json-dd-mm-yyyy-<001-999>

To see what information is recorded in typical log entries, see Example Log Entries for Audited Filesystem Operations.

Audit logs for operations on MapR-DB tables and MapR streams

All operations on MapR-DB tables and MapR streams are logged in files that have this naming convention: DBAudit.log.json-dd-mm-yyy-<001-999>

Operations that result from maprcli commands, REST calls, or activity in the MapR Control Service are also logged in /opt/mapr/mapr-cli-audit-log/audit.log.json in the local filesystem on the nodes where the operations are processed.

To see what information is recorded in typical log entries, see Example Log Entries for Audited Operations on MapR-DB Tables.