Overview

The SBC Core supports multiple event log types. The two most applicable SBC security-related event log types are the Security and Audit logs.

  • Security logs include IP Policer alarms and failed login attempts.
  • Audit logs include login and logout information, plus any configuration changes executed.
Note

JITC requires the audit (.AUD) and security (.SEC) logs to be cryptographically protected. Since both logs are required to be hashed, this functionality is extended to support the hashing of all Event Logs on the SBC.

Note

The audit log generates all output at the Info level and is unalterable.


The Filter Level for the audit event type is always set to Info-level logging and cannot be altered. Ribbon recommends setting the Filter Level for the security event type to Info-level logging for maximum security visibility.

set oam eventLog typeAdmin security filterLevel info
commit

Downloading/Deleting Event Log Files

Note

Refer to Log Management to download and/or delete SBC event log files.

Viewing/Filtering Audit Log Files

The SBC is capable of collecting two types of Audit logs:

  • Platform Audit Logs: These logs contain information about administrative, privileged, and security actions.

    Note

    Refer to OAM - Event Audit Log - Platform Audit Logs to enable/disable logging.

  • Event Audit Logs: These logs contain information about the non-administrative events that are triggered by user interaction or internal programs in the SBC.
Note

The SBC stores up to 512 records for each of the above log types.


To view and/or filter Platform and Event audit logs, login to the EMA and navigate to Troubleshooting > Troubleshooting Tools > Search Audit Logs. The Audit Logs window displays.


From the EMA main screen, navigate to Troubleshooting > Troubleshooting Tools > Search Audit Logs. The Search Audit Log window is displayed.

Figure 1: Troubleshooting Tools - Search Audit Logs

Filters

You can filter the logs to view only the required logs.

  • Time/Date Range Filter: Time/Date Range filter displays all the logs within the specified time or date duration. A calendar with time is provided as an option for you to select the duration and time for which you want to perform the filter functionality. Click the  icon to view the calendar. Select the desired date and time range and click .
    Figure 2: Time/Date Range Filter


  • Name: Name filter displays all the logs with a specified name or part of the name being searched. Enter a value in the Name filter and click .
    Figure 3: Name Filter

  • Messages: Message filter displays all the logs with a specified message or part of the message being searched. Enter a value in the Message filter and click .
    Figure 4: Message Filter

You can also use the Highlight all text matching functionality to browse through the search results for a keyword. Enter any keyword in the Highlight all text matching field and click . All the instances of the keyword are highlighted wherever they occur in the search result.

Figure 5: Highlight All Text Matching


Note

The Event Audit Logs and the Platform Audit Logs are stored by the SBC. For each type of log, the SBC stores a maximum of 512 records. The logs are available for download or deletion. For further details on downloading, viewing or deleting the logs, refer to Log Management.







  • No labels