Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated workflow

Internal_display_only

Add_workflow_for_techpubs
AUTH1sbsarkareyoustra
REV5bscoggins
REV6bscoggins
REV3nnguyenjgarach
REV1aross
REV2cjohn

Panel

In this Section:

Table of Contents

Panel

Related Articles:

Children Display

jmulcock

Use this window to enable or disable platform audit logging which records

This object allows you to:

Enable the Platform Audit logs to record all

administrative, privileged, and security actions.

  • Push the audit logs to a remote server by specifying the following:
    • Remote host IP address
    • Port number
    • Protocol type
  • When these fields are configured and the state of the object Platform Audit Logs is enabled, the /etc/rsyslog.conf file of the SBC is automatically configured to send the audit logs to the remote server. The SBC automatically adds an Access Control List (ACL) rule to send the audit logs through the application layer to the remote server.

    Info
    titleNote
    • The ACL rule is removed automatically from the default ACL rules when the object Platform Audit Logs is disabled.
    • For a High Availability (HA) pair, the /etc/rsyslog.conf file is updated both on the Active and the Standby SBCs to push the audit logs to the remote server.

     

    To View and Edit Platform Audit Logs

    On On the SBC main screen, go to All > OAM > Event Log > Platform Audit Logs. The Platform Audit Logs window is displayed.

    Caption
    0Figure
    1Event Logs - Platform Audit Logs Window

    Image Modified

    The following fields are displayed:

    Caption
    0Table
    1Event Log - Platform Audit Logs

    Parameter

    Description

    State

    When enabled. the Platform Audit Logs gets enabled to record all the administrative, privileged, and security actions. The options are:

    • Disabled (default)
    • Enabled
    Audit Log Remote Host
    Indicates the IPv4 or IPv6 address (1-256 characters) of the remote server.
    • IPv4 (default - 0.0.0.0)
    • IPv6 (default - ::)
    NOTE: When the IPv4 or IPv6 address is configured to “0.0.0.0” or “::" respectively, the SBC does not send the audit logs to the remote server.
    Audit Log PortIndicates the port number (1-65535) used to send the audit logs to the remote server. (default=514)
    Audit Log Protocol Type

    Indicates the protocol type used to send the audit logs to the remote server.

    The options are:

    • Relp
    • TCP (default)
    • UDP

     

     

    The logging is disabled by default. Once enabled, the SBC starts generating Platform Audit Logsaudit logs.

    To view the Platform Audit Logs, execute the following steps:

    On

    audit logs, from the SBC main screen, navigate to Troubleshooting > Troubleshooting Tools > Search Audit Logs.

    The Audit Logs window, containing the Search Audit Logs pane, is displayed.
  • Select the radio button corresponding to Platform Audit Logs option.

    Caption
    0Figure
    1Platform Audit Logs

    Image Removed

  •  

     For more information on the search and filtering tools offered in the Search Audit Logs pane, refer to Troubleshooting Tools - Search Audit Logs.

    Pagebreak