Page History

Overview

The SBC Core supports multiple event log types. The two most applicable SBC security-related event log types are the Security and Audit logs.

• Security logs include IP Policer alarms and failed login attempts.
• Audit logs include login and logout information, plus any configuration changes executed.

The Filter Level for the audit event type is always set to Info-level logging and cannot be altered. Ribbon recommends setting the Filter Level for the security event type to Info-level logging for maximum security visibility.

set oam eventLog typeAdmin security filterLevel info
commit

Downloading/Deleting Event Log Files

Viewing/Filtering Audit Log Files

The SBC is capable of collecting two types of Audit logs:

• Platform Audit Logs: These logs contain information about administrative, privileged, and security actions.

  Info
  title Note
  Refer to OAM - Event Audit Log - Platform Audit Logs to enable/disable logging.

• Event Audit Logs: These logs contain information about the non-administrative events that are triggered by user interaction or internal programs in the SBC.

To view and/or filter Platform and Event audit logs, login to the EMA and navigate to Troubleshooting > Troubleshooting Tools > Search Audit Logs. The Audit Logs window displays.