puremessage

Name

puremessage, puremessage-clear, puremessage-flag, puremessage-list — manage alerts, audit records, and user session logs

Synopsis

puremessage clear ID...

puremessage flag ID...

puremessage list [ --audit | --login | --open ] [ --csv | --nvp ] [--flagged] [--notitle] [--page] [--raw] [--recent] [--timeline] [--user USER] [ID...]

Arguments

ID

A unique, numeric ID assigned by the array to each message.

Options

-h | --help

Can be used with any command or subcommand to display a brief syntax description.

--audit

Lists audit records instead of alert messages.

--flagged

Lists only alert messages that have been flagged.

--login

Lists user session logs instead of alert messages. If used with the --open option, lists only open user sessions (i.e., users who are still logged in).

--open

Lists only open alert messages. Purity closes the alert message after the issue has been resolved.

If used with the --login option, lists only open user sessions (i.e., users who are still logged in).

--recent

Lists only recent messages.

  • An alert is considered recent if the situation that triggered it is unresolved, or has only been resolved within the past 24 hours. For example, if free space falls below 20%, an alert is generated. As long as free space remains below 20%, that alert is considered recent. Once the situation has been resolved, the alert is still considered recent for another 24 hours.

  • An audit record is considered recent if it relates to a command issued within the past 24 hours.

  • A user session log event is considered recent if the login, logout, or authentication event occurred within the past 24 hours.

--timeline

Lists the opened, updated and closed times for alert messages.

--user (with --audit or --login)

Lists only audit or login records for the specified user.

Options that control display format:

--csv

Lists information in comma-separated value (CSV) format. The --csv output can be used for scripting purposes and imported into spreadsheet programs.

--notitle

Lists information without column titles.

--nvp

Lists information in name-value pair (NVP) format, in the form ITEMNAME=VALUE. Argument names and information items are displayed flush left. The --nvp output is designed both for convenient viewing of what might otherwise be wide listings, and for parsing individual items for scripting purposes.

--page

Turns on interactive paging.

--raw

Displays the unformatted version of column titles and data. For example, in the purearray monitor output, the unformatted version of column title us/op (read) is usec_per_read_op. The --raw output is used to sort and filter list results.

Description

Purity generates three types of messages:

  • Alert messages represent exceptional events that have occurred in the Pure Storage array, hardware, or software.

  • Audit trail messages represent administrative actions performed by a Purity user that change the state of the array.

  • User session logs represent user login and authentication events performed in the Purity GUI, Purity CLI, and REST API.

The alert, audit record, and user session messages that appear are retrieved from a list of log entries that are stored on the array. To conserve space, Purity stores a reasonable number of log entries on the array. Older entries are deleted from the log as new entries are added.

To access the complete list of messages, configure the Syslog Server feature to forward all messages to your remote server. Run the purelog setattr --uri command to configure the Syslog Server feature.

Purity assigns a unique numeric ID to each alert, audit trail, and user session event as it is created.

Alerts

An alert represents an exceptional event that has occurred in the Pure Storage array, hardware, or software. The severity of an alert ranges from critical to informational, where critical alerts require immediate attention.

The array automatically flags the following alerts:

  • New Critical and Warning alerts.

  • Existing alerts that have been updated, for example, due to a state change.

  • Alerts that have been closed for less than 24 hours and are being reopened.

Run the puremessage list --flagged command to view alerts that have been automatically flagged by Purity or manually flagged by the user.

Alerts can be manually flagged and unflagged. Run the puremessage flag command to manually flag an alert, and run the puremessage clear command to clear an alert message that has been manually or automatically flagged.

Run the puremessage list command to display a list of alerts. For example,

puremessage list
  ID     Time                   Severity  Category  Code  Component   Name            Event              Expected           Actual
  150  2014-01-31 18:35:19 PST  warning   hardware  15    drive       sh1.bay17       failure            healthy            unrecognized
  152  2014-02-02 15:01:42 PST  critical  array     4     controller  ct1             failure            primary|secondary  not present
  153  2014-02-19 10:49:23 PST  warning   hardware  15    cooling     ct1.fan2        failure            ok                 critical
  445  2014-03-26 19:22:50 PDT  info      array     25    storage     array.capacity  high utilization   < 90.00%           80.14%
  

The puremessage list command displays the following alert information:

ID

Unique number assigned by the array to the alert, audit, or user session event. ID numbers are assigned to messages in chronological ascending order.

Time

Date and time at which the event that triggered the alert occurred.

Severity

Alert severity, categorized as Critical, Warning, or Info. Critical alerts are typically triggered by service interruptions, major performance issues, or risk of data loss, and require immediate attention. For example, Purity triggers a critical alert if it detects a controller failure.

Warning alerts are of low to medium severity and require attention, though not as urgently as critical alerts. For example, Purity triggers a warning alert if it detects that a flash module or NVRAM module is in an unhealthy state.

Informational (Info) alerts inform users of a general behavior change and require no action. For example, Purity triggers an informational alert when an array exceeds 80% capacity.

Category

Categorizes the alert event as due to an array, hardware, or software issue.

Code

Pure Storage alert code number that identifies the component experiencing the alert event.

Component

General array, hardware or software component experiencing the alert event.

Name

Specific array, hardware or software component experiencing the alert event.

Event

Event that triggered the alert.

Expected

Status that Purity expects.

Actual

Actual status. The event triggers an alert when the actual status does not meet the expected status.

Details

Additional alert details, if any.

Alerts can be open or closed. Open alerts are ones that need to be resolved. Once resolved, Purity closes the alert. Run the puremessage list --open command to view open alerts.

Audit Trail

Audit trail messages represent administrative actions performed by a Purity user that change the state of the array. For example, creating, destroying, or eradicating a volume creates an audit record.

Purity does not flag audit records. Users can, however, run the puremessage flag command to manually flag an audit record, and run the puremessage clear command to clear a flagged record. Run the puremessage list --audit --flagged command to view a list of audit records that have been manually flagged by the user.

The puremessage list command with the --audit option displays a list of audit records. For example,

puremessage list --audit
  ID   Time                     User      Command   Subcommand  Name   Arguments
  250  2014-03-25 03:00:40 PDT  root      purevol   disconnect  vol3   --host host3
  251  2014-03-25 03:00:41 PDT  root      purevol   connect     vol3   --host host3
  252  2014-02-27 12:57:30 PST  pureuser  purehost  setattr     host1  --addwwnlist 21000024FF327CA9
  253  2014-03-15 23:45:42 PDT  os76      purevol   disconnect  vol5   --host host2
  254  2014-02-24 18:56:21 PST  pureuser  purevol   create      vol4   --size 10T
  255  2013-12-09 17:14:14 PST  root      purevol   destroy     vol1
  256  2013-12-09 17:14:23 PST  root      purevol   eradicate   vol1
        

The puremessage list --audit command displays the following audit record details:

ID

Unique number assigned by the array to the alert, audit, or user session event. ID numbers are assigned to messages in chronological ascending order.

Time

Date and time at which the action that triggered the audit event occurred.

User

Username of the Purity user who issued the command.

Command

Purity CLI command that was issued.

Subcommand

Purity CLI subcommand that was issued.

Name

Name of the object on which the command was issued.

Arguments

Options that were included with the Purity CLI command that was issued.

Run the puremessage list --audit --recent command to view a list of audit records for commands that have been issued within the past 24 hours.

Run the puremessage list --audit --user command to view a list of audit records for the specified user.
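
Added example (not Pure Storage code): a Python script that parses an audit listing in the layout shown above and reports objects that were eradicated shortly after being destroyed, together with the user who ran the eradicate. The two-or-more-spaces column separator, the PST/PDT offsets and the five-minute window are assumptions; the listing is constructed from the sample on this page.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed input: the audit listing shown on this page, as captured text.
AUDIT_LISTING = """\
ID   Time                     User      Command   Subcommand  Name   Arguments
250  2014-03-25 03:00:40 PDT  root      purevol   disconnect  vol3   --host host3
251  2014-03-25 03:00:41 PDT  root      purevol   connect     vol3   --host host3
252  2014-02-27 12:57:30 PST  pureuser  purehost  setattr     host1  --addwwnlist 21000024FF327CA9
253  2014-03-15 23:45:42 PDT  os76      purevol   disconnect  vol5   --host host2
254  2014-02-24 18:56:21 PST  pureuser  purevol   create      vol4   --size 10T
255  2013-12-09 17:14:14 PST  root      purevol   destroy     vol1
256  2013-12-09 17:14:23 PST  root      purevol   eradicate   vol1
"""

# Assumption: only the two zone abbreviations that appear in the listing.
ZONES = {"PST": timezone(timedelta(hours=-8)), "PDT": timezone(timedelta(hours=-7))}

def parse_listing(text):
    """Rows as dicts; assumes columns are separated by two or more spaces."""
    lines = [re.split(r"\s{2,}", l.strip()) for l in text.splitlines() if l.strip()]
    return [dict(zip(lines[0], cells)) for cells in lines[1:]]

def parse_time(stamp):
    """Turn '2013-12-09 17:14:14 PST' into a timezone-aware datetime."""
    date_part, zone = stamp.rsplit(" ", 1)
    return datetime.strptime(date_part, "%Y-%m-%d %H:%M:%S").replace(tzinfo=ZONES[zone])

def quick_eradications(rows, window=timedelta(minutes=5)):
    """Return (user, object, seconds) where eradicate follows destroy within window."""
    destroyed, hits = {}, []
    for row in sorted(rows, key=lambda r: parse_time(r["Time"])):
        key = (row["Command"], row["Name"])
        when = parse_time(row["Time"])
        if row["Subcommand"] == "destroy":
            destroyed[key] = when
        elif row["Subcommand"] == "eradicate" and key in destroyed:
            gap = when - destroyed[key]
            if gap <= window:
                hits.append((row["User"], row["Name"], int(gap.total_seconds())))
    return hits

if __name__ == "__main__":
    print(quick_eradications(parse_listing(AUDIT_LISTING)))
```

Because the array keeps only a limited number of log entries, a check like this is best run against the records forwarded to the remote syslog server.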

User Session Logs

User session logs represent user login and authentication events performed in the Purity GUI, Purity CLI, and REST API. For example, logging in to and out of the Purity GUI, attempting to log in to the Purity CLI with an invalid password, or opening a Pure Storage REST API session generates a user session log entry.

The puremessage list command with the --login option displays a list of user login and authentication events. For example,

puremessage list --login
ID  Start Time               End Time                 Interface  User       Location        Event                    Repeats  Method
54  2014-08-14 11:45:00 PDT  2014-08-14 12:00:00 PDT  REST       pureuser   10.124.190.231  API token obtained       1        password
57  2014-08-14 11:45:00 PDT  2014-08-14 12:00:00 PDT  REST       -          10.124.190.231  failed authentication    6        API token
59  2014-08-14 11:45:47 PDT  2014-08-14 11:45:47 PDT  REST       pureuser   10.124.190.231  user session             -        API token
63  2014-08-14 11:45:47 PDT  2014-08-14 11:45:47 PDT  REST       root       10.124.190.231  user session             -        API token
66  2014-08-14 11:45:00 PDT  2014-08-14 12:00:00 PDT  REST       pureuser   10.124.190.231  request without session  2        session
69  2014-08-14 14:55:11 PDT  2014-08-14 15:59:30 PDT  GUI        pureuser   10.123.14.220   user session             -        password
71  2014-08-25 17:25:15 PDT  2014-08-25 19:22:30 PDT  CLI        pureadmin  10.123.13.62    user session             -        public key
75  2014-08-25 19:40:37 PDT  2014-08-25 19:40:37 PDT  CLI        pureuser   127.0.0.1       user session             -        password
        

The puremessage list --login command displays the following user session event information:

ID

Unique number assigned by the array to the alert, audit, or user session event. ID numbers are assigned to messages in chronological ascending order.

Start Time

For user login events, date and time the user logged in to the Purity interface. For authentication events, start time of the time period in which the authentication action occurred.

End Time

For user login events, date and time the user logged out of the Purity interface. For authentication events, end time of the time period in which the authentication action occurred.

Interface

Purity GUI, Purity CLI, or REST API through which the user session event was performed.

User

Username of the Purity user who triggered the user session event.

Location

IP address of the user client connecting to the array.

Event

Event that was triggered. Login events include 'login' and 'user session'. Authentication events include 'failed authentication', 'API token obtained', and 'request without session'.

Repeats

Number of times, in addition to the initial attempt, that the user performed the authentication action within the start and end time period.

Method

Method by which the user attempted to log in, log out, or authenticate. Methods include 'API token', 'password', and 'public key'.

Run the puremessage list --login --recent command to view a list of user session events that have occurred within the past 24 hours.

Run the puremessage list --login --user command to view a list of user session events for the specified user.
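
Added example (not Pure Storage code): a Python script that reads a --login listing in the layout shown above, totals failed authentication attempts per Location (counting the initial attempt plus Repeats), and lists the users who also hold sessions or tokens from that same address. The two-or-more-spaces column separator and the threshold of five attempts are assumptions; the listing is constructed from the sample on this page.

```python
import re
from collections import defaultdict

# Constructed input: the --login listing shown on this page, as captured text.
LOGIN_LISTING = """\
ID  Start Time               End Time                 Interface  User       Location        Event                    Repeats  Method
54  2014-08-14 11:45:00 PDT  2014-08-14 12:00:00 PDT  REST       pureuser   10.124.190.231  API token obtained       1        password
57  2014-08-14 11:45:00 PDT  2014-08-14 12:00:00 PDT  REST       -          10.124.190.231  failed authentication    6        API token
59  2014-08-14 11:45:47 PDT  2014-08-14 11:45:47 PDT  REST       pureuser   10.124.190.231  user session             -        API token
63  2014-08-14 11:45:47 PDT  2014-08-14 11:45:47 PDT  REST       root       10.124.190.231  user session             -        API token
66  2014-08-14 11:45:00 PDT  2014-08-14 12:00:00 PDT  REST       pureuser   10.124.190.231  request without session  2        session
69  2014-08-14 14:55:11 PDT  2014-08-14 15:59:30 PDT  GUI        pureuser   10.123.14.220   user session             -        password
71  2014-08-25 17:25:15 PDT  2014-08-25 19:22:30 PDT  CLI        pureadmin  10.123.13.62    user session             -        public key
75  2014-08-25 19:40:37 PDT  2014-08-25 19:40:37 PDT  CLI        pureuser   127.0.0.1       user session             -        password
"""

def parse_listing(text):
    """Rows as dicts; assumes columns are separated by two or more spaces."""
    lines = [re.split(r"\s{2,}", l.strip()) for l in text.splitlines() if l.strip()]
    return [dict(zip(lines[0], cells)) for cells in lines[1:]]

def attempts(row):
    """Repeats counts attempts beyond the first; '-' marks a login event."""
    return 0 if row["Repeats"] == "-" else 1 + int(row["Repeats"])

def review_sources(rows, threshold=5):
    """Per Location: failed-authentication attempts and users with access from it."""
    failed = defaultdict(int)
    users = defaultdict(set)
    for row in rows:
        if row["Event"] == "failed authentication":
            failed[row["Location"]] += attempts(row)
        elif row["Event"] in ("user session", "login", "API token obtained"):
            users[row["Location"]].add(row["User"])
    return {loc: {"failed_attempts": n, "users_with_access": sorted(users[loc])}
            for loc, n in failed.items() if n >= threshold}

if __name__ == "__main__":
    print(review_sources(parse_listing(LOGIN_LISTING)))
```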

Examples

Example 1

puremessage list
      

Displays a list of all alerts that have been generated by a hardware, software, or array event.

Example 2

puremessage list --open
      

Displays a list of all unresolved alerts.

Example 3

puremessage flag 1574
      

Flags message ID 1574.

Example 4

puremessage list --audit --recent
      

Displays a list of all audit records created in the past 24 hours.

Example 5

puremessage list --login --user pureuser
      

Displays a list of user login/logout and authentication events performed by pureuser.

Exceptions

None.

Author

Pure Storage Inc.