Audit changes

The XenServer audit log, which is enabled in XenServer by default, records any operation with side-effects (successful or unsuccessful) performed by a known user. This includes:

  • The user’s name who performed the action. If the user’s name is not available, XenServer logs the user ID instead.
  • The server name that was targeted by the action.
  • The status of the action - if it was successful or unsuccessful and if it was authorized. if the operation failed then the error code is logged.

The audit logging feature is enabled by default. The audit log can be backed up by using the XenServer syslog command to duplicate the audit log to a safe box. The syslog command is available from the CLI and documented in XenServer Administrator’s Guide.

While Citrix strongly recommends that customers concerned with auditing implement Role Based Access Control, the audit log itself does not require that users be assigned RBAC roles nor does it require Active Directory integration.

XenServer logs actions on the pool level, and creates a log for each pool on the pool master.

To display the audit log, you have two choices. You can:

  • Generate the Pool Audit Trail report, provided you have Workload Balancing enabled.
  • Display the audit log by opening it in any text editor. The log is stored on the pool master.
Audit changes

In this article