Errors or typos? Topics missing? Hard to read? Let us know!
This page outlines the procedures for managing and understanding audit events in MAAS (Metal as a Service). Audit events play a crucial role in monitoring the changes and activities on your managed machines. Read about ways to effectively utilise audit events for tracking and oversight.
List audit events
To retrieve a list of MAAS audit events, execute the following command in the MAAS CLI:
$ maas $PROFILE events query level=AUDIT
This lists all audit events, including information such as the username, hostname, date, and a description of the event.
Filter events by hostname
To narrow down audit events to a specific hostname, use:
$ maas $PROFILE events query level=AUDIT hostname=your-hostname
Substitute your-hostname
with the actual hostname to list events for that specific host.
Filter events by MAC
For filtering audit events by a MAC address:
$ maas $PROFILE events query level=AUDIT mac_address=00:11:22:33:44:55
Change 00:11:22:33:44:55
to the MAC address of interest. This will show events related to the given MAC address.
Filter events by SYSID
To filter events by a system ID:
$ maas $PROFILE events query level=AUDIT id=system-id
Replace system-id
with the actual system ID to list events for that ID.
Filter events by zone
For zone-specific audit events:
$ maas $PROFILE events query level=AUDIT zone=your-zone
Replace your-zone
with the zone name to filter events within that zone.
Filter events by owner
To view events based on the machine’s owner:
$ maas $PROFILE events query level=AUDIT owner=owner-username
Change owner-username
to the username of the owner to list their machine’s events.
Limit event count
To limit the number of displayed events:
$ maas $PROFILE events query level=AUDIT limit=10
This command shows only the last 10 audit events, adjustable as needed.
Move event window
To start displaying events from a certain point:
$ maas $PROFILE events query level=AUDIT after=event-id
Replace event-id
with the starting event ID to list subsequent events.
Audit life-cycles
Auditing a machine’s life cycle involves collecting and analysing audit data over time. Start by gathering extensive audit data:
$ maas $PROFILE events query level=AUDIT hostname=your-hostname limit=1000 > /tmp/audit-data
This saves a significant number of events for the specified hostname into a file, aiding in the analysis of the machine’s activity and life cycle for monitoring and troubleshooting purposes.