For 6.2.0 - Review this page based on the ICD SBX-43651 SBC Supports Pushing Audit Records to Remote Server Using rsyslog.conf File.

This object allows you to:

  • Enable the Platform Audit logs to record all administrative, privileged, and security actions.
  • Push the audit logs to a remote server by specifying the following:
    • Remote host IP address
    • Port number
    • Protocol type

When these fields are configured and the state of the object Platform Audit Logs is enabled, the /etc/rsyslog.conf file of the SBC is automatically configured to send the audit logs to the remote server. The SBC automatically adds an Access Control List (ACL) rule to send the audit logs through the application layer to the remote server.

Note:
  • The ACL rule is removed automatically from the default ACL rules when the object Platform Audit Logs is disabled.
  • For a High Availability (HA) pair, the /etc/rsyslog.conf file is updated both on the Active and the Standby SBCs to push the audit logs to the remote server.


To View and Edit Platform Audit Logs

On the SBC main screen, go to All > OAM > Event Log > Platform Audit Logs. The Platform Audit Logs window is displayed.

Figure: Event Logs - Platform Audit Logs

The following fields are displayed:

Table: Event Log - Platform Audit Logs

Parameter: State
Description: When enabled, the Platform Audit Logs record all administrative, privileged, and security actions. The options are:
  • Disabled (default)
  • Enabled

Parameter: Audit Log Remote Host
Description: Indicates the IPv4 or IPv6 address (1-256 characters) of the remote server.
  • IPv4 (default - 0.0.0.0)
  • IPv6 (default - ::)
NOTE: When the IPv4 or IPv6 address is configured to "0.0.0.0" or "::" respectively, the SBC does not send the audit logs to the remote server.

Parameter: Audit Log Port
Description: Indicates the port number (1-65535) used to send the audit logs to the remote server (default = 514).

Parameter: Audit Log Protocol Type
Description: Indicates the protocol type used to send the audit logs to the remote server. The options are:
  • Relp
  • TCP (default)
  • UDP


Once enabled, the SBC starts generating Platform Audit Logs.
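
As an added illustration (not the SBC's own code or the configuration it generates), the sketch below validates the three remote-server fields against the ranges in the table above and renders an equivalent forwarding rule using the standard rsyslog omfwd and omrelp actions. The `*.*` selector and the function name are assumptions; this page does not show the rule the SBC actually writes to /etc/rsyslog.conf.

```python
import ipaddress

# Protocol options from the table, mapped to standard rsyslog output modules.
PROTOCOLS = {"relp": "omrelp", "tcp": "omfwd", "udp": "omfwd"}
# Assumption: the selector the SBC really uses is not documented on this page.
SELECTOR = "*.*"


def forwarding_rule(host, port=514, protocol="tcp"):
    """Return rsyslog.conf lines for the three fields, or None when forwarding is off."""
    if not 1 <= len(host) <= 256:
        raise ValueError("remote host must be 1-256 characters")
    addr = ipaddress.ip_address(host)  # ValueError for anything but an IPv4/IPv6 literal
    if addr.is_unspecified:
        # 0.0.0.0 and :: (in any spelling) are the defaults: nothing is sent.
        return None
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("port must be an integer in 1-65535")
    proto = protocol.lower()
    if proto not in PROTOCOLS:
        raise ValueError("protocol must be Relp, TCP or UDP")
    if PROTOCOLS[proto] == "omrelp":
        # RELP is a separate output module that must be loaded before use.
        return ['module(load="omrelp")',
                f'{SELECTOR} action(type="omrelp" target="{addr}" port="{port}")']
    return [f'{SELECTOR} action(type="omfwd" target="{addr}" '
            f'port="{port}" protocol="{proto}")']


if __name__ == "__main__":
    # Constructed sample inputs (documentation address ranges).
    samples = [("192.0.2.10", 514, "TCP"), ("2001:db8::5", 6514, "Relp"), ("0.0.0.0",)]
    for args in samples:
        rule = forwarding_rule(*args)
        print(args, "->", "no forwarding" if rule is None else "\n".join(rule))
```

Comparing the rendered lines with the forwarding entry present in /etc/rsyslog.conf on both the Active and Standby SBCs is a quick way to confirm that audit records are leaving for the intended host, port, and protocol.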

To view the Platform Audit Logs, execute the following steps:

  1. On the SBC main screen, navigate to Troubleshooting > Troubleshooting Tools > Search Audit Logs. The Audit Logs window, containing the Search Audit Logs pane, is displayed.
  2. Select the radio button corresponding to the Platform Audit Logs option.

    Figure: Platform Audit Logs

For more information on the search and filtering tools offered in the Search Audit Logs pane, refer to Troubleshooting Tools - Search Audit Logs.
