In this Section:

This object allows you to:

  • Enable the Platform Audit logs to record all administrative, privileged, and security actions.
  • Push the audit logs to a remote server by specifying the following:
    • Remote host IP address
    • Port number
    • Protocol type

When these fields are configured and the state of the object Platform Audit Logs is enabled, the /etc/rsyslog.conf file of the SBC is automatically configured to send the audit logs to the remote server. The SBC automatically adds an Access Control List (ACL) rule to send the audit logs through the application layer to the remote server.

Note
  • The ACL rule is removed automatically from the default ACL rules when the object Platform Audit Logs is disabled.
  • For a High Availability (HA) pair, the /etc/rsyslog.conf file is updated both on the Active and the Standby SBCs to push the audit logs to the remote server.

 

To View and Edit Platform Audit Logs

On SBC main screen, go to All > OAM > Event Log > Platform Audit Logs. The Platform Audit Logs window is displayed.

Event Logs - Platform Audit Logs

The following fields are displayed:

Event Log - Platform Audit Logs

Parameter

Description

State

When enabled. the Platform Audit Logs gets enabled to record all the administrative, privileged, and security actions. The options are:

  • Disabled (default)
  • Enabled
Audit Log Remote Host
Indicates the IPv4 or IPv6 address (1-256 characters) of the remote server.
  • IPv4 (default - 0.0.0.0)
  • IPv6 (default - ::)
NOTE: When the IPv4 or IPv6 address is configured to “0.0.0.0” or “::" respectively, the SBC does not send the audit logs to the remote server.
Audit Log PortIndicates the port number (1-65535) used to send the audit logs to the remote server. (default=514)
Audit Log Protocol Type

Indicates the protocol type used to send the audit logs to the remote server.

The options are:

  • Relp
  • TCP (default)
  • UDP

 

Once enabled, the SBC starts generating Platform Audit Logs.

To view the Platform Audit Logs, execute the following steps:

  1. On the SBC main screen, navigate to Troubleshooting > Troubleshooting Tools > Search Audit Logs. The Audit Logs window, containing the Search Audit Logs pane, is displayed.
  2. Select the radio button corresponding to Platform Audit Logs option.

    Platform Audit Logs

For more information on the search and filtering tools offered in the Search Audit Logs pane, refer to Troubleshooting Tools - Search Audit Logs.