DO NOT SHARE THESE DOCS WITH CUSTOMERS!
This is an LA release that will only be provided to a select number of PLM-sanctioned customers (PDFs only). Contact PLM for details.
The SBC Core supports multiple event log types. The two most applicable SBC security-related event log types are the Security and Audit logs. JITC requires the audit (.AUD) and security (.SEC) logs to be cryptographically protected. Since both logs are required to be hashed, this functionality is extended to support the hashing of all Event Logs on the SBC. The audit log generates all output at the Info level and is unalterable. The Filter Level for the audit event type is always set to Info-level logging and cannot be altered. Ribbon recommends setting the Filter Level for the security event type to Info-level logging for maximum security visibility. Refer to Log Management to download and/or delete SBC event log files. The SBC is capable of collecting two types of Audit logs: Platform Audit Logs: These logs contain information about administrative, privileged, and security actions. Refer to OAM - Event Audit Log - Platform Audit Logs to enable/disable logging. The SBC stores up to 512 records for each of the above log types. To view and/or filter Platform and Event audit logs, login to the EMA and navigate to Troubleshooting > Troubleshooting Tools > Search Audit Logs. The Audit Logs window displays.Overview
set oam eventLog typeAdmin security filterLevel info
commit
Downloading/Deleting Event Log Files
Viewing/Filtering Audit Log Files
The following example screenshot shows 26 Audit logs displaying in the Audit Logs window.
Refer to Troubleshooting Tools - Search Audit Logs for additional details.