Consuming Audit Logs

Audit Streaming (available from v6.0.1) provides a way to process the audit data in real-time.

When audit streaming is enabled, the HPE Ezmeral Data Fabric generates audit logs that are sent as an audit stream, opening the possibility of real-time processing of the audit data. See Streaming Audit Logs for more information.

Use the sample consumer application, or build your custom consumer application, to consume the audit logs that are available as a stream topic, when audit streaming is enabled.

The sample application uses file system APIs to get the file path and name from the FID, and the volume name from the volume ID.

Determine When to use Cached or Uncached Version of the File System API

Caching the file path and file name, along with the volume name at the initial API call, reduces the load on CLDB for subsequent API calls.

However, there could be cases when the uncached version of the application is more suitable for use. Consider the following example:

For the initial API call, File1 is returned as the file name for FID 1. The result is cached.

The file is then renamed to File2. For subsequent API calls, to get the file name for FID 1, the result from the cache is used. The cache, unaware of the rename operation, returns the name as File1, which is incorrect, as the file is already renamed to File2. For such a case, use the uncached version.

Evaluate your use case, and then use the cached, or the uncached version, as appropriate.