MX7000 Advance Filtering Dell EMC Technical White Paper
Revisions
Date        Description
Jan 2019    Initial release

Acknowledgements
This paper was produced by the following members of the Dell EMC storage engineering team:
Author: Dahir Herzi and Gilberto Osuna Gonzalez

MX7000 Deployment of Management Module Network using the LCD control panel | Document ID
Table of contents
Revisions
Acknowledgements
Introduction
Introduction
The purpose of this white paper is to describe audit logs and alert logs in the MX7000 chassis. Audit logging presents information about the operations and actions that have been invoked in the MX7000 environment. Audit logs display details in a categorized manner and record the time at which each action took place.
Audit Log Filters
in figure 2. Expanding the advanced filters shows all available filtering criteria for audit logs. There is also an option named ‘Clear All Filters’, which clears any applied filters and shows all audit log records without filtering.
Figure: Audit Logs Top Section
At the bottom of this page there is a navigation bar with details about the number of records and how many records are shown per page (by default, 30 records per page).
Description Contains    Filter applied to the description. This works like a LIKE and will filter audit logs based on this condition.
Message ID              Message ID to be filtered out from audit logs.
Table: Audit Logs Filters
The following shows an example of how all filters can be combined to obtain a more specific list of audit logs.
Figure: Audit Logs Filters (Filter by Start and End Time)
Figure: Audit Logs Filters (Filter by User)
Figure: Audit Logs Filters (Filter by Source Address)
Figure: Audit Logs Filters (Filter by Category)
Figure: Audit Logs Filters (Filter by Description Contains)
Figure: Audit Logs Filters (Filter by Message ID)
Audit Log Export
Audit log entries can be exported to a CSV file by clicking the Export button located at the top of the Audit Log page. A submenu is shown, and from there we select Export All.
Figure: Audit Logs Filters (Export All)
Export All shows a ‘Save As’ window, and from there we can navigate to the location where we want to save the current audit logs.
Figure: Audit Logs Filters (Save As)
The generated audit log CSV file can be opened with Excel or a text editor. It shows the details as indicated in Figure 14 below.
Figure: Audit Logs Filters (Generated Audit Log CSV File Contents)
Alert Logs
The following section describes:
• The alert logs section of MX7000.
Navigate to Alert Logs
Alert log entries are the events generated by devices such as SLEDs, IOMs and the chassis controller, or internal events generated by the MX7000 chassis. These events are recorded and presented in the UI through the Alert Log page. These events are generated, received and processed. The source of the event is a device (except for internal events), and the type can be SNMP or REDFISH events (in the case of the EC).
At the right side of the page there is an information block that shows relevant information from the event generated by the device, such as the domain corresponding to the event, the detailed message of the event, the recommended action to resolve the issue, and the Message ID (EEMI Message ID).
Figure: Audit Logs Bottom Section (Navigation Bar)
Alert Log Filters
Filter         Description
Severity       Severity to filter from the list of alert logs.
Acknowledge
• Work Notes
Subcategory    Indicates which subcategories of the selected category can be filtered. This list is variable, and it can contain 1 to N subcategories per selected category. It is recommended to select a subcategory to filter more accurately.
Message        A message that can be filtered out from the list of alerts. This will use a LIKE to filter out alerts.
Table: Alert Log Filters
following filters that can be applied to the existing view of recorded logs.
Figure: Alert Log Filters (Filter by Acknowledge)
Figure: Alert Log Filters (Filter by Start Date and End Date)
Figure: Alert Log Filters (Filter by Source Name)
Figure: Alert Log Filters (Filter by Category and Subcategory)
Figure: Alert Log Filters (Filter by Message)
Appendix
REST calls can be performed to retrieve filtered audit and alert logs. Perform REST requests. More details on how to install the tool and how to use it can be found in the Doc section of the tool: https://www.getpostman.com/docs/v6/.
Appendix I. Using REST to apply filters to Audit Logs
The following URIs can be used to access audit logs.
Audit Logs Filters (REST)
Filter Name    Description
Severity       Filter by the severity of the EEMI message. Critical, Warning and Informational.
Message        Filter by the EEMI message contents.
Category       Filter by the Category that the EEMI message comes under.
UserName       Filter by the Authenticated user who generated the EEMI message.
IpAddress      Filter by IP address of the authenticated user.
MessageID      Filter by the EEMI message identifier.
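The filters listed above, applied client-side to an AuditLogs response and combined to list logins from source addresses outside an expected set. This is an added example, not part of the original white paper: the records, the allowlist and the function names are constructed for illustration, and only the field names follow the sample payload in this appendix.

```python
from datetime import datetime, timezone

LOGIN = "Successfully logged in from GUI ."

def _rec(rec_id, message, user, ip, created):
    # Constructed record using the field names of the sample payload. The page
    # shows only MessageID CMON0001, so every constructed record reuses it.
    return {"Id": rec_id, "Message": message, "Category": "Audit", "UserName": user,
            "IpAddress": ip, "MessageID": "CMON0001", "CreatedDate": created}

# Constructed data, not taken from a real chassis.
SAMPLE = {"value": [
    _rec(401, LOGIN, "root", "10.210.136.126", "2018-08-21T14:41:08.004Z"),
    _rec(402, LOGIN, "root", "192.0.2.77", "2018-08-21T23:05:12.310Z"),
    _rec(403, "Successfully logged off from GUI .", "root", "192.0.2.77",
         "2018-08-21T23:09:40.000Z"),
    _rec(404, LOGIN, "operator1", "10.210.136.130", "2018-08-22T08:00:00.500Z"),
]}

def parse_ts(value):
    # CreatedDate format as shown in the sample payload (UTC, trailing Z).
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def filter_audit_logs(payload, user=None, ip=None, message_id=None,
                      category=None, contains=None, start=None, end=None):
    """Apply the audit log filters client-side; the criteria given are ANDed."""
    hits = []
    for rec in payload.get("value", []):
        ts = parse_ts(rec["CreatedDate"])
        checks = [
            user is None or rec.get("UserName") == user,
            ip is None or rec.get("IpAddress") == ip,
            message_id is None or rec.get("MessageID") == message_id,
            category is None or rec.get("Category") == category,
            # LIKE-style substring match; case-insensitivity is an assumption.
            contains is None or contains.lower() in rec.get("Message", "").lower(),
            start is None or ts >= start,
            end is None or ts <= end,
        ]
        if all(checks):
            hits.append(rec)
    return hits

def logins_outside_allowlist(payload, allowed_ips, **criteria):
    """Login records whose source address is not an expected management host."""
    logins = filter_audit_logs(payload, message_id="CMON0001",
                               contains="logged in", **criteria)
    return [r for r in logins if r.get("IpAddress") not in allowed_ips]
```

Combining the message ID with the message text matters here because the message ID alone does not separate the login records from the logoff record in the constructed data.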
Get all Audit Logs
URI: /api/ApplicationService/AuditLogs
Description: Returns a collection of audit logs.
The operation to perform is GET. The following is an output sample of the response:
All Audit Logs REST Payload Output Sample:
{
  "@odata.context": "/api/$metadata#Collection(ApplicationService.AuditLog)",
  "@odata.count": 6,
  "value": [
    {
      "@odata.type": "#ApplicationService.AuditLog",
      "@odata.
      "Id": 385,
      "Severity": "1000",
      "Message": "Successfully logged in from GUI .",
      "Category": "Audit",
      "UserName": "root",
      "IpAddress": "10.210.136.126",
      "MessageArgs": "GUI",
      "MessageID": "CMON0001",
      "CreatedDate": "2018-08-21T14:41:08.004Z"
    },
    {
      "@odata.type": "#ApplicationService.AuditLog",
      "@odata.id": "/api/ApplicationService/AuditLogs(384)",
      "Id": 384,
      "Severity": "1000",
      "Message": "The job Inventory Refresh with id 27478 of type inventory to run now.
Get a Single Audit Log
Single Audit Logs REST Payload Sample Output:
{
  "@odata.context": "/api/$metadata#ApplicationService.AuditLog/$entity",
  "@odata.type": "#ApplicationService.AuditLog",
  "@odata.id": "/api/ApplicationService/AuditLogs(387)",
  "Id": 387,
  "Severity": "1000",
  "Message": "Successfully logged off from GUI .",
  "Category": "Audit",
  "UserName": "root",
  "IpAddress": "10.210.136.
Appendix II. Using REST to apply filters to Alert Logs
CategoryId         Filter by category id – default 0
SubCategoryId      Filter by sub category id – default 0
SubCategoryName    Filter by sub category name
Message            Filter by message
TimeStampBegin     Filter by alert time (begin)
TimeStampEnd       Filter by alert time (end)
AlertDeviceName    Filter by alert device name
Table: Alert Log Filters
The above filters can be combined to produce a more specific list in the response. The following is a sample of using filters in the REST request.
Get all Alert Logs
The operation to perform is GET. The following is an output sample of the response:
All Alert Logs REST Payload Sample Output:
{
  "@odata.context": "/api/$metadata#Collection(AlertService.Alert)",
  "@odata.count": 44,
  "value": [
    {
      "@odata.type": "#AlertService.Alert",
      "@odata.id": "/api/AlertService/Alerts(919)",
      "Id": 919,
      "SeverityType": 8,
      "SeverityName": "Warning",
      "AlertDeviceId": 26990,
      "AlertDeviceName": "D123499",
      "AlertDeviceType": 1000,
      "AlertDeviceIpAddress": "10.35.0.
ingD1234991.3.6.1.4.1.674.10892.5.3.1.5.0OctetStringWIN02GODDHDJTC1.3.6.1.4.1.674.10892.5.3.1.6.0OctetString iDRAC.Embedded.11.3.6.1.4.1.674.10892.5.3.1.7.0OctetStringiDRAC1.3.6.1.4.1.674.10892.5 .3.1.8.
      "AlertDeviceId": 26990,
      "AlertDeviceName": "D123499",
      "AlertDeviceType": 1000,
      "AlertDeviceIpAddress": "10.35.0.153",
      "AlertDeviceMacAddress": "d0:94:66:2d:b8:44",
      "AlertDeviceIdentifier": "D123499",
      "AlertDeviceAssetTag": "",
      "DefinitionId": 1564564330,
      "CatalogName": "iDRAC",
      "CategoryId": 1003,
      "CategoryName": "Audit",
      "SubCategoryId": 56,
      "SubCategoryName": "User Tracking",
      "StatusType": 2000,
      "StatusName": "Not-Acknowledged",
      "TimeStamp": "2018-08-21 18:59:50.
      "RecommendedAction": "Contact the iDRAC administrator and make sure the username and password credentials used are correct. Check the Lifecycle Controller Log (LC Log) to see if more unauthorized iDRAC access attempts are occurring than would be expected due to forgotten account names or passwords.",
      "AlertMessageId": "USR0034",
      "AlertVarBindDetails": "10.35.0.153.1.3.6.1.4.1.674.10892.5.3.2.
Get a Single Alert Log
Payload Sample Output:
{
  "@odata.context": "/api/$metadata#AlertService.Alert/$entity",
  "@odata.type": "#AlertService.Alert",
  "@odata.id": "/api/AlertService/Alerts(919)",
  "Id": 919,
  "SeverityType": 8,
  "SeverityName": "Warning",
  "AlertDeviceId": 26990,
  "AlertDeviceName": "WIN-02GODDHDJTC",
  "AlertDeviceType": 1000,
  "AlertDeviceIpAddress": "10.35.0.