An audit log contains a cluster-wide view of events and changes to QueryGrid within a cluster. The audit log is found at /etc/opt/teradata/tdqgm/logs/tdqgm-audit.log and is replicated on all QueryGrid Managers in a cluster. The log contains all failed logon attempts and configuration changes. When the log reaches 100MB in size, the audit log is rotated and renamed tdqgm-audit.log.1 for storage. Up to 10 rotated audit log files are kept on disk.
The format for the audit log message is the following:
DATE TIME ACTION RESOURCE_TYPE USER_DETAILS --- RESULT
- DATE – Current date in YYYY-MM-DD format
- TIME – Time of audit record in UTC
- ACTION – The action performed by the user, one of: CREATED, UPDATED, DELETED, or LOGIN
- RESOURCE_TYPE – The type of resource created, updated, or deleted (for example. SYSTEM, CONNECTOR, or FABRIC)
- USER_DETAILS – Contains details about the user that performed the action
- user: The name of the QueryGrid Manager user (such as, viewpoint, support)
- address: The IP of the QueryGrid client
- endUser: The username of the Viewpoint user, if accessed from Viewpoint
- endUserAddress: The Viewpoint user IP, if accessed from Viewpoint
- manager: The hostname of the manager in the cluster that handled the request
- RESULT – The result of ACTION. If ACTION is CREATED or DELETED, the result contains the created or deleted resource. If ACTION is UPDATED, the result contains the BEFORE and AFTER contents of the resource.
Examples
The following is an example audit log for a newly created system:
2020-06-12 22:36:38.603 CREATED SYSTEM {user=viewpoint;address=10.10.10.10;endUser=bob;endUserAddress=10.11.11.11;manager=tdqgm1.labs.teradata.com} --- {"id":"8f3213f6-5e40-4064-b648-cf581536fa7d","lastModified":"2020-06-12T15:36:38.596-0700","name":"ProdHadoop","description":null,"dataCenterId":"764b2c95-0868-497f-8c25-b866449ee3b9","softwareVersion":"02.11.00.03-4","maximumMemoryPerNode":1073741824,"bridgeOnly":false,"proxySupportType":"NO_PROXY","proxyPort":null,"proxyNetworkId":null,"proxySystemId":null,"autoNodeDelete":false,"autoNodeDeleteMinutes":null}
The following is an example audit log for an updated system:
2020-06-12 22:42:26.614 UPDATED SYSTEM {user=viewpoint;address=10.10.10.10;endUser=bob;endUserAddress=10.11.11.11;manager=tdqgm2.labs.teradata.com} --- BEFORE: {"id":"8f3213f6-5e40-4064-b648-cf581536fa7d","lastModified":"2020-06-12T15:36:38.596-0700","name":"ProdHadoop","description":null,"dataCenterId":"764b2c95-0868-497f-8c25-b866449ee3b9","softwareVersion":"02.11.00.00-4","maximumMemoryPerNode":1073741824,"bridgeOnly":false,"proxySupportType":"NO_PROXY","proxyPort":null,"proxyNetworkId":null,"proxySystemId":null,"autoNodeDelete":false,"autoNodeDeleteMinutes":null}, AFTER: {"id":"8f3213f6-5e40-4064-b648-cf581536fa7d","lastModified":"2020-06-12T25:42:26.120-0700","name":"ProdHadoop","description":null,"dataCenterId":"764b2c95-0868-497f-8c25-b866449ee3b9","softwareVersion":"02.12.00.00-4","maximumMemoryPerNode":1073741824,"bridgeOnly":false,"proxySupportType":"NO_PROXY","proxyPort":null,"proxyNetworkId":null,"proxySystemId":null,"autoNodeDelete":false,"autoNodeDeleteMinutes":null}