Table of contents

View logs

IBM Data Science Experience (DSX) Local automatically logs information from each service. By default, the log entries are ordered from newest to oldest.

Restriction: By default, DSX Local stores the logs for the last 10 days. However, you can adjust the default setup in the DSX Local application settings.

You can access the Cluster Log page from the menu icon: (The menu icon).

When you're troubleshooting a problem with DSX Local, you can narrow your results by:

  • Viewing only the logs for a specific node
  • Viewing only the logs for a specific service (Container)
  • Searching for a specific term
  • Filtering the logs to show only events that occurred over a specified period
  • Filtering the logs to show only specific types of events, such as errors or warnings

Controls for interacting with the DSX Local log files

Tip: You can combine these interactions to further narrow your results.

Audit DSX Local records

DSX Local logs an audit record of user login attempts (either from the sign in page or using the validateAuth REST API) to the DSX Local cluster. The record is stored as JSON, and contains the following information about each login attempt:

{ 
   "DSX_AUDIT_RECORD": {
      "version":"1.0",
      "event":"user_auth",
      "timestamp": Request timestamp in ISO8601 DateTime with Timeszone format
      "user_auth_object": {
          "user_auth_object_version":"1.0",
          "uri":Request URI
          "username":The user name used to attempt the login,
          "status":Result Status code (e.g. 200: OK, 401: Authorization failure)
      }
   } 
}

Example of a single login attempt:

{ 
   "DSX_AUDIT_RECORD": {
      "version":"1.0",
      "event":"user_auth",
      "timestamp":"2018-03-08T06:38:00+00:00",
      "user_auth_object": {
          "user_auth_object_version":"1.0",
          "uri":"\/v1\/preauth\/validateAuth",
          "username":"admin",
          "status":200
      }
   } 
}

To list all of the records in the Admin Console, go to Cluster log and in the ibm-nginx-container container, search for the DSX_AUDIT_RECORD keyword. You can also specify a timestamp range for the user login attempts.

Alternatively, you can use the following REST API endpoint to download the DSX_AUDIT_RECORD content as JSON:

GET https://<9.87.654.321>/api/v1/log/getDSXAudit

Example:

curl -i -o dsx_audit_record.txt \
-H  "authorization: Bearer $bearerToken" \
-X GET "{clusterIp}/api/v1/log/getDsxAudit?from=2018-03-05T12:00:00&to=2018-03-06T12:00:00"

where $bearerToken represents your bearer token, from=2018-03-05T12:00:00 represents an optional parameter for any login attempt on or newer than that ISO8601 timestamp, and to=2018-03-06T12:00:00 represents an optional parameter for any login attempt on or older than that ISO8601 timestamp. You can specify one or both timestamp parameters; if no timestamps are specified, then all login attempts are returned.

JSON response:

{"DSX_AUDIT_RECORDS":[
  { "timestamp: timestamp of the log
     status: Notification level of the log (error, warning, info, notice)
     host: host of the nginx instance 
     container: docker container name. 
     log: nginx log containing the DSX_AUDIT_RECORD },
     ...
 ]
 success: boolean
 error_message: error message if success is false
}

All audit records are retained for a default of 10 days before they are automatically deleted. The DSX administrator can modify the log retention settings by clicking Settings from the admin user profile icon and under Refresh and alert settings, typing in a new duration in the Log retention (days) field. Recommendation: The admin should download the user login audit records using the REST API periodically, before they are automatically deleted for long term storage, for example, QRadar.