Audit Logging

Describes auditing in HPE Ezmeral Unified Analytics Software and how to access audit logs.

Auditing provides a chronological set of records that document the events that occur in an HPE Ezmeral Unified Analytics Software cluster.

Auditing records user, application, and control plane events in audit logs, whether the events occur through the UI or through programmatic access via APIs or CLIs. Audit logs maintain records of actions for accountability, tracking, and compliance purposes.

Auditing provides the following information about actions in HPE Ezmeral Unified Analytics Software:
  • Type of action
  • User or application that triggered the action
  • Timestamp (time the action occurred)
  • Status of the action (Failed, Started, Success)

Audited Actions

The following table lists the actions that auditing captures in the audit logs:
| Area | Description |
| --- | --- |
| Platform | Captures successful and failed login attempts by users. |
| Administration | Captures the add/delete/modify user actions performed by a user assigned the administrator role. |
| Billing & Licensing | Captures the license-related actions performed by the platform administrator. |
| | Captures the billing and activation related actions performed by the platform administrator, including: |
| | • Creation of billing credentials and signing-key |
| | • Creation of billing and license credentials and signing-key in airgapped environments |
| | • Downloading of metering usage in airgapped environments |
| | • Uploading of metering usage |
| | • Renewal of billing and license credentials |
| Keycloak | Captures Keycloak realm updates when the product is deactivated or activated (triggered from enabled to disabled and vice versa). |
| Kubeflow | Captures the creation of a notebook in Kubeflow. The audit message contains information about the name/namespace and whether the API call was a dry run. |
| | Captures the deletion of a notebook in Kubeflow. The audit message contains information about the name/namespace and whether the API call was a dry run. |
| | Captures the creation of a KServe Inference Service in Kubeflow. The audit message contains information about the name/namespace and whether the API call was a dry run. |
| | Captures the deletion of a KServe Inference Service in Kubeflow. The audit message contains information about the name/namespace and whether the API call was a dry run. |
| Spark | Spark application submitted using Spark operator. |
| | Spark application deleted using Spark operator. |
| | Scheduled Spark application submitted using Spark operator. |
| | Scheduled Spark application deleted using Spark operator. |
| | NOTE: Livy doesn't support audit logging. |
| Airflow | User disabled or enabled a DAG. Captures DAG ID and username. |
| | User started DAG execution. Captures DAG execution time, DAG ID, and username. |
| | DAG task scheduled after triggering the DAG. Captures DAG run ID, DAG ID, and task ID. |
| | DAG task running after scheduling. Captures DAG execution time, DAG ID, task ID, and username. |
| | DAG task succeeded after running. Captures DAG execution time, DAG ID, task ID, and username. |
| | DAG task failed after running. Captures DAG execution time, DAG ID, task ID, and username. |
| EzPresto | Query completed event. Audits the user, query, timestamp, status, type of query, and client-ip. |
| | Audits the data source name, data source type, user, timestamp, and status. |
| | Audits the user, create view query, timestamp, and status. |
| | Audits the user, cache table details, remote table details, and status. |

Accessing Audit Logs

Administrators can access audit logs by signing in to the HPE Ezmeral Unified Analytics Software UI and selecting Administration > Audit Logs in the left navigation bar. The list of audit logs displays on the Audit Logs page.

Viewing Audit Logs for a Period of Time
You can view the audit logs for a given time period by clicking into the dropdown field. The dropdown has the following options:
| Option | Description |
| --- | --- |
| 1 hour | See the audit logs recorded during the past hour. |
| 6 hours | See the audit logs recorded during the past six hours. |
| Today | Today is the current date, starting at 12:00 am. For example, if you select Today and the date is July 19th and the time is 5:00 pm, you will see all the audit logs that were recorded between 12:00 am and 5:00 pm on July 19th. Date and time are based on local time. If two people are in different time zones, each person will see results based on their respective time zones when they select Today. |
| Custom | Click the calendar icon and select one or more days. To select multiple days, click the first day and then click the last day. Select the start and end times. For multiple days, the start time is the start time on day one and the end time is the end time on the last day. |

Searching Audit Logs
You can search audit logs for records that match specified search criteria. For example, you can search on keywords and tags, including event type, users, date range, and failed attempts.

Filtering Audit Logs
Clicking the filter icon opens the Filters drawer where you can select one or more filter options. You can filter by:
  • Actions
  • Statuses
  • Users

Clicking Reset clears the filters. Click Apply after you click Reset to save the update.

Downloading Audit Logs
Clicking Download Logs downloads the audit logs for the given time period to an Excel file.
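
The following is an added example, not part of the product or its documentation, showing one way to review a downloaded audit log offline: it flags a successful login that follows a burst of failed logins for the same user. It assumes the Excel download was saved as CSV; the column names (timestamp, user, action, status) and the "login" action label are assumptions and may differ from the real export, while the status values are the ones listed above.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows. Column names and the "login" action label are
# assumptions; adjust them to match the headers of the real export.
SAMPLE_CSV = """timestamp,user,action,status
2024-07-19T16:00:05,alice,login,Failed
2024-07-19T16:00:20,alice,login,Failed
2024-07-19T16:00:41,alice,login,Failed
2024-07-19T16:01:02,alice,login,Success
2024-07-19T16:05:00,bob,login,Failed
2024-07-19T16:40:00,bob,login,Success
2024-07-19T16:45:00,carol,spark-submit,Failed
"""

def load_rows(text):
    """Parse CSV text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))

def flag_failed_login_bursts(rows, threshold=3, window=timedelta(minutes=5)):
    """Return (user, timestamp, failure_count) for each successful login that
    was preceded by at least `threshold` failed logins inside `window`."""
    recent_failures = defaultdict(deque)  # user -> timestamps of recent failures
    findings = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for row in sorted(rows, key=lambda r: r["timestamp"]):
        if row["action"] != "login":
            continue
        ts = datetime.fromisoformat(row["timestamp"])
        failures = recent_failures[row["user"]]
        # Drop failures that have aged out of the sliding window.
        while failures and ts - failures[0] > window:
            failures.popleft()
        if row["status"] == "Failed":
            failures.append(ts)
        elif row["status"] == "Success":
            if len(failures) >= threshold:
                findings.append((row["user"], row["timestamp"], len(failures)))
            failures.clear()  # a success starts a fresh count for this user
    return findings

if __name__ == "__main__":
    for user, when, count in flag_failed_login_bursts(load_rows(SAMPLE_CSV)):
        print(f"{user}: success at {when} after {count} failed logins")
```

Timestamps in the UI are shown in local time, so confirm which time zone the exported values use before correlating them with other logs.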