117 Posts

May 11th, 2023 05:00

In your example, 5185 is the PID of the isi_audit_syslog process on the node that generated the audit event. The audit payload starts with S-1-5-21-3108209963-2641128813-111641110-799630, which is the user SID. Details of all fields are documented at this link:

https://infohub.delltechnologies.com/p/understanding-the-protocol-syslog-format-in-powerscale-onefs/

2 Posts

May 15th, 2023 04:00

Thanks Yan. That answers 95% of the questions. I still don't see what the [0:0][0:0] means in the logs. I see it's under the CLOSE options and falls on fields 10 and 11, which are bytes read and bytes written, but if one of the 0's is the bytes, what's the other 0 after the colon?

117 Posts

May 15th, 2023 06:00

bytesRead: Format is x:y, where x = total_bytes and y = number of reads
bytesWritten: Format is x:y, where x = total_bytes and y = number of writes
