When to use
The Audit Log is used to control changes, review operator actions, and support post-incident analysis.
What the audit record contains
- Event time.
- Action type (`action`).
- Performer (`actorType`, `actorId`).
- Target resource (`resourceType`, `resourceId`).
- IP address and metadata (when available).
Steps
- Open Audit within the desired cluster.
- View records by period and page.
- Map actions to incidents, alerts, and operational changes.
What to check
- Critical actions (terminal, acknowledge, access changes) have a clear chain of responsibility.
- There are no unexplained actions outside the agreed change windows.
- The IP and context of the events are consistent with the access policy.
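
The three checks above can be scripted over exported records. The following is an added example, not code from the product: the `time` and `ip` field names, the action strings, the change window and the allowed network are assumptions to be replaced with your own values.

```python
# Added example: the `time` and `ip` field names, the action strings, the
# change window and the allowed network are assumptions, not the product schema.
from datetime import datetime, time, timezone
from ipaddress import ip_address, ip_network

CRITICAL_ACTIONS = {"terminal", "acknowledge", "access_change"}  # assumed values
ALLOWED_NETWORKS = [ip_network("10.20.0.0/16")]                  # assumed policy
# Assumed agreed change windows: Tuesday (1) and Thursday (3), 18:00-22:00 UTC.
CHANGE_WINDOWS = {1: (time(18, 0), time(22, 0)), 3: (time(18, 0), time(22, 0))}

def in_change_window(ts):
    window = CHANGE_WINDOWS.get(ts.weekday())
    return window is not None and window[0] <= ts.time() < window[1]

def review(record):
    """Return the findings for one audit record (empty list means clean)."""
    findings = []
    critical = record.get("action") in CRITICAL_ACTIONS
    # Chain of responsibility: a critical action must name its performer.
    if critical and not (record.get("actorType") and record.get("actorId")):
        findings.append("critical action without actor")
    ts = datetime.fromisoformat(record["time"]).astimezone(timezone.utc)
    if critical and not in_change_window(ts):
        findings.append("critical action outside change window")
    # The IP is optional in a record, so judge it only when present.
    ip = record.get("ip")
    if ip:
        try:
            addr = ip_address(ip)
            if not any(addr in net for net in ALLOWED_NETWORKS):
                findings.append("source IP outside access policy")
        except ValueError:
            findings.append("unparseable source IP")
    return findings

# Constructed sample records, not real audit data.
SAMPLE = [
    {"time": "2024-05-14T19:05:00+00:00", "action": "access_change", "actorType": "user",
     "actorId": "u-17", "resourceType": "role", "resourceId": "r-3", "ip": "10.20.4.9"},
    {"time": "2024-05-15T03:12:00+00:00", "action": "terminal", "actorType": "user",
     "actorId": "u-22", "resourceType": "node", "resourceId": "n-1", "ip": "203.0.113.50"},
    {"time": "2024-05-16T20:00:00+00:00", "action": "acknowledge", "actorType": "",
     "actorId": None, "resourceType": "alert", "resourceId": "a-9"},
]
```

Records with a non-empty result from `review` are the ones to map to an incident, alert, or approved change.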