Understanding log messages

Each message displayed in the All Events and Security Events panel includes this information about an event:

  • The user name of the event initiator:
    • For user-initiated events, this is the user name currently associated with the user account used by the user who initiated the event. These considerations apply:
      • For an HCP user account, if the account has been deleted, the user name is followed by the letter D in parentheses.
      • For an AD user account, if the account has been deleted or if HCP currently cannot contact AD, the user name for the message is blank.
    • For system-initiated events, the user name is [internal].
    • For events initiated through SNMP, the user name is [snmp].
    • For events initiated by HCP service or support personnel by means other than the System Management Console or SNMP, the user name is [service].
  • The severity of the event. Possible values are:
    • Notice

      The event is normal and requires no special action. Events of this severity are informational only. Examples are:

      • Node started
      • Protection service finished: run complete
      • Syslog settings changed

    • Warning

      The event is out of the ordinary and may require manual intervention. Examples are:

      • Storage capacity warning
      • Protection service beginning repairs
      • Remote authentication server error

    • Error

      The event is serious and most likely requires manual intervention. Examples are:

      • Storage capacity critical
      • Volume failure
      • Network interface down

  • The date and time at which the event occurred, shown for the time zone in which the HCP system is located.
  • A short description of the event.

To view more details about an event, click anywhere in the row containing the event message. To hide the details, click again in the row.

The details displayed for an event are:

  • The user ID of the event initiator
  • For user-initiated events, the port through which HCP received the event request
  • For user-initiated events, the IP address from which the event request was sent
  • The message ID
  • The number of the node on which the event occurred
  • If the event applies to a specific logical volume, the volume ID
  • The full text of the event message