The Audit Logs are system audit data. These files contain a record of all management interactions that modify the state of the system, and includes all the changes made via EMA, EMS and CLI interfaces. These files use .AUD extensions. The logs are generated and stored at Log Management.
Multiexcerpt |
---|
MultiExcerptName | Audit_Logs_Overview |
---|
|
The SBC Core supports multiple event log types. The two most applicable SBC security-related event log types are the Security and Audit logs. - Security logs include IP Policer alarms and failed login attempts.
- Audit logs include login and logout information, plus any configuration changes executed.
Info |
---|
| JITC requires the audit (.AUD) and security (.SEC) logs to be cryptographically protected. Since both logs are required to be hashed, this functionality is extended to support the hashing of all Event Logs on the SBC. |
Info |
---|
The audit log generates all output at the Info level and is unalterable. |
The Filter Level for the audit event type is always set to Info-level logging and cannot be altered. Ribbon recommends setting the Filter Level for the security event type to Info-level logging for maximum security visibility. Code Block |
---|
set oam eventLog typeAdmin security filterLevel info
commit |
Info |
---|
| Refer to Log Management to download and/or delete SBC event log files. |
The SBC is capable of collecting two types of Audit logs: Info |
---|
| The SBC stores up to 512 records for each of the above log types. |
To view and/or filter Platform and Event audit logs, login to the EMA and navigate to Troubleshooting > Troubleshooting Tools > Search Audit Logs. The Audit Logs window displays. |
From the EMA main screen, navigate to Troubleshooting > Troubleshooting Tools >Search Audit Logs. The Search Audit Log window is displayed.
Caption |
---|
0 | Figure |
---|
1 | Troubleshooting Tools - Search Audit Logs |
---|
|
|
Two types of logs are displayed in the table:
...
To view the logs for any particular type, select the corresponding type.
Caption |
---|
0 | Figure |
---|
1 | Platform and Event Audit Log buttons |
---|
|
Image Removed |
Filters
You can filter the logs to view only the required logs.
...
Caption |
---|
0 | Figure |
---|
1 | Highlight All Text Matching |
---|
|
|
Info |
---|
|
The Event Audit Logs and the Platform Audit Logs are stored by the SBC. For each type of log, the SBC stores a maximum of 512 records. The logs are available for download or deletion. For further details on downloading, viewing or deleting the logs, refer to Log Management. |