Monitoring MC user activity using audit log

When an MC user makes changes on the MC interface, whether to an MC-managed database or to the MC itself, their action generates a log entry that records a timestamp, the MC user name, the database and client host (if applicable), and the operation the user performed.

When an MC user makes changes on the MC interface, whether to an MC-managed database or to the MC itself, their action generates a log entry that records a timestamp, the MC user name, the database and client host (if applicable), and the operation the user performed. You monitor user activity on the Diagnostics > Audit Log page.

MC records the following types of user operations:

  • User log-on/log-off activities

  • Database creation

  • Database connection through the console interface

  • Start/stop a database

  • Remove a database from the console view

  • Drop a database

  • Database rebalance across the cluster

  • License activity views on a database, as well as new license uploads

  • Workload analyzer views on a database

  • Database password changes

  • Database settings changes (individual settings are tracked in the audit record)

  • Syncing the database with the cluster (who clicked Sync on grid view)

  • Query detail viewings of a database

  • Closing sessions

  • Node changes (add, start, stop, replace)

  • User management (add, edit, enable, disable, delete)

  • LDAP authentication (enable/disable)

  • Management Console setting changes (individual settings are tracked in the audit record)

  • SSL certificate uploads

  • Message deletion and number deleted

  • Console restart from the browser interface

  • Factory reset from the browser interface

  • Upgrade MC from the browser interface

Background cleanup of audit records

An internal MC job starts every day and, if required, clears audit records that exceed a specified timeframe and size. The default is 90 days and 2K in log size. MC clears whichever limit is first reached.

You can adjust the time and size limits by editing the following lines in the /opt/vconsole/config/console.properties file:

vertica.audit.maxDays=90vertica.audit.maxRecords=2000

Filter and export results

You can manipulate the output of the audit log by sorting column headings, scrolling through the log, refining your search to a specific date/time and you can export audit contents to a file.

If you want to export the log, see Exporting the user audit log.

If you perform a factory reset

If you perform a factory reset on MC's Diagnostics page (restore it to its pre-configured state), MC prompts you to export audit records before the reset occurs.