Control Center audit logging
serviced service writes messages to an audit log file on the
master host when configuration changes occur on Control Center hosts.
The messages record the time, user identity, and information about the
change in plain text.
The default location of the
serviced audit log file is
/var/log/serviced. The location is determined by the
/etc/default/serviced. The log file name is
serviced audit log directory contains additional files:
serviced.access.logrecords HTTP/S requests and is always present.
application-audit.logrecords application audit messages, and is present only if Zenoss Resource Manager is installed.
The files in the
serviced audit log directory are managed by
logrotate. The serviced RPM installation process installs
if necessary, and creates
/etc/cron.hourly/serviced. Then, the
anacron service invokes
logrotate every hour.
The operations that
logrotate performs on audit log files are
/opt/serviced/etc/logrotate.conf. The default
configuration rotates, compresses, and removes files as necessary to
ensure that the logs occupy no more than 10GB of storage. To store
larger volumes of log files, choose one or more of the following
- Mount the
servicedaudit log directory on a larger local or remote file system.
- Modify the
- Forward the log files to a log management application.
- Use a
cronjob to copy the files to a larger local or remote file system.