
The Audit Logs are system audit data. These files contain a record of all management interactions that modify the state of the system, and include all the changes made via the EMA, EMS and CLI interfaces. These files use the .AUD extension. The logs are generated and stored at Log Management.


Overview

The SBC Core supports multiple event log types. The two most applicable SBC security-related event log types are the Security and Audit logs.

  • Security logs include IP Policer alarms and failed login attempts.
  • Audit logs include login and logout information, plus any configuration changes executed.

Sonus recommends setting the Filter Level for those two event types to Info-level logging for maximum security visibility.

Code Block
set oam eventLog typeAdmin audit filterLevel info
set oam eventLog typeAdmin security filterLevel info
commit

 

Downloading/Deleting Event Log Files

Info

Refer to Log Management to download and/or delete SBC event log files.

Viewing/Filtering Audit Log Files

The SBC is capable of collecting two types of Audit logs:

  • Platform Audit Logs: These logs contain information about administrative, privileged, and security actions.

    Info

    Refer to OAM - Event Audit Log - Platform Audit Logs to enable/disable logging.

  • Event Audit Logs: These logs contain information about the non-administrative events that are triggered by user interaction or internal programs in the SBC.
Note

The SBC stores up to 512 records for each of the above log types.

 

To view and/or filter Platform and Event audit logs, log in to the EMA and, from the main screen, navigate to Troubleshooting > Troubleshooting Tools > Search Audit Logs. The Search Audit Log window is displayed.

Figure: Troubleshooting Tools - Search Audit Logs

 

Filters

You can filter the logs to view only the required logs.

Figure: Audit Log Filter


  • Time/Date Range Filter: The Time/Date Range filter displays all the logs within the specified time or date range. A calendar with a time selector lets you choose the range to filter on. Click the [icon] icon to view the calendar. Select the desired date and time range and click [icon].

    Figure: Time/Date Range Filter

  • Name: The Name filter displays all the logs whose name matches the specified name or part of it. Enter a value in the Name filter and click [icon].

    Figure: Name Filter

  • Messages: The Message filter displays all the logs containing the specified message or part of it. Enter a value in the Message filter and click [icon].

    Figure: Message Filter

You can also use the Highlight all text matching functionality to browse through the search results for a keyword. Enter any keyword in the Highlight all text matching field and click [icon]. Every instance of the keyword is highlighted wherever it occurs in the search results.

Figure: Highlight All Text Matching

Note

The Event Audit Logs and the Platform Audit Logs are stored by the SBC. For each type of log, the SBC stores a maximum of 512 records. The logs are available for download or deletion. For further details on downloading, viewing or deleting the logs, refer to Log Management.
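An offline equivalent of the EMA filters described above, for audit records that have already been downloaded from the SBC. This is an added example, not Sonus code: the `time|name|message` line layout, the sample records and the case-insensitive matching are assumptions, because this page does not specify the .AUD file format.

```python
import re
from datetime import datetime

MAX_RECORDS = 512  # per-type record limit stated on this page

# Constructed sample export; the "time|name|message" layout is an assumption,
# not the SBC's actual .AUD format.
SAMPLE = """\
2024-03-01 09:15:02|admin|User admin logged in
2024-03-01 09:17:40|admin|set oam eventLog typeAdmin audit filterLevel info
2024-03-01 09:17:45|admin|commit
2024-03-02 22:03:11|operator1|User operator1 logged in
2024-03-02 22:04:30|operator1|set oam eventLog typeAdmin security filterLevel info
2024-03-02 22:09:58|operator1|User operator1 logged out
"""

def parse(text):
    """Turn 'time|name|message' lines into dicts, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        records.append({"time": when, "name": parts[1], "message": parts[2]})
    return records

def search(records, start=None, end=None, name=None, message=None):
    """Apply the Time/Date Range, Name and Messages filters together."""
    def keep(r):
        return ((start is None or r["time"] >= start)
                and (end is None or r["time"] <= end)
                and (name is None or name.lower() in r["name"].lower())
                and (message is None or message.lower() in r["message"].lower()))
    return [r for r in records if keep(r)]

def highlight(text, keyword):
    """Mark every occurrence of keyword, like 'Highlight all text matching'."""
    return re.sub(re.escape(keyword), lambda m: f">>{m.group(0)}<<", text, flags=re.IGNORECASE)

def at_capacity(records):
    """True when the export already holds the per-type maximum of 512 records."""
    return len(records) >= MAX_RECORDS
```

An export for which `at_capacity` returns true has reached the 512-record limit, so it is worth archiving alongside earlier downloads.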