Versions Compared

Old Version 8

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version 9

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Update filter level information

 

Add_workflow_for_techpubs
AUTH1
JIRAIDAUTHSBX-70104
REV5
REV6
REV3
REV1
Multiexcerpt
MultiExcerptNameAudit_Logs_Overview

Overview

The SBC Core supports multiple event log types. The two most applicable SBC security-related event log types are the Security and Audit logs.

  • Security logs include IP Policer alarms and failed login attempts.
  • Audit logs include login and logout information, plus any configuration changes executed.
Info
titleNote

JITC requires the audit (.AUD) and security (.SEC) logs to be cryptographically protected. Since both logs are required to be hashed, this functionality is extended to support the hashing of all Event Logs on the SBC.

The Filter Level for the audit event type is always set to Info-level logging and cannot be altered. Ribbon Sonus recommends setting the Filter Level for those two the security event types type to Info-level logging for maximum security visibility.

Code Block
set oam eventLog typeAdmin audit filterLevel info
set oam eventLog typeAdmin security filterLevel info
commit
 
Downloading/Deleting Event Log Files
 Info
titleinfoNote
Refer to Log Management to download and/or delete SBC event log files.
Viewing/Filtering Audit Log Files
The SBC is capable of collecting two types of Audit logs:
  • Platform Audit Logs: These logs contain information about administrative, privileged, and security actions.
     Info
    titleInfoNote
    Refer to OAM - Event Audit Log - Platform Audit Logs to enable/disable logging.
  • Event Audit Logs: These logs contain information about the non-administrative events that are triggered by user interaction or internal programs in the SBC.
 Noteinfo
icontitlefalseNote
The SBC stores up to 512 records for each of the above log types.
 
To view and/or filter Platform and Event audit logs, login to the EMA and navigate to Troubleshooting > Troubleshooting Tools > Search Audit Logs. The Audit Logs window displays.
 
...
 Caption
0Figure
1Highlight All Text Matching
 Noteinfo
icontitlefalseNote
The Event Audit Logs and the Platform Audit Logs are stored by the SBC. For each type of log, the SBC stores a maximum of 512 records. The logs are available for download or deletion. For further details on downloading, viewing or deleting the logs, refer to Log Management.