Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Noprint
Panel
borderColorblack
bgColororange
titleColorwhite
borderWidth2
titleBGColorblack
borderStylesolid
titleInternal Important Info for Authors/Reviewers

For 6.2.0 - Review this page based on the ICD SBX-43651 SBC Supports Pushing Audit Records to Remote Server Using rsyslog.conf File.

Image Library - _OAM_EventLog

Add_workflow_for_techpubs
AUTH1sbsarkar
REV5bscoggins
REV6bscoggins
REV3nnguyen
REV1aross
REV2cjohn

Panel

In this Section:

Table of Contents

Panel

Related Articles:

Children Display

This object allows you to:

Enable the Platform Audit logs to record all

Use this window to enable or disable platform audit logging which records administrative, privileged, and security actions.

  • Push the audit logs to a remote server by specifying the following:
    • Remote host IP address
    • Port number
    • Protocol type
  • When these fields are configured and the state of the object Platform Audit Logs is enabled, the /etc/rsyslog.conf file of the SBC is automatically configured to send the audit logs to the remote server. The SBC automatically adds an Access Control List (ACL) rule to send the audit logs through the application layer to the remote server.

    Info
    titleNote
    • The ACL rule is removed automatically from the default ACL rules when the object Platform Audit Logs is disabled.
    • For a High Availability (HA) pair, the /etc/rsyslog.conf file is updated both on the Active and the Standby SBCs to push the audit logs to the remote server.

     

    To View and Edit Platform Audit Logs

    On SBC On the SBC main screen, go to All > OAM > Event Log > Platform Audit Logs. The Platform Audit Logs window is displayed.

    Caption
    0Figure
    1Event Logs - Platform Audit Logs Window

    Image Modified

    The following fields are displayed:

    Caption
    0Table
    1Event Log - Platform Audit Logs

    Parameter

    Description

    State

    When enabled. the Platform Audit Logs gets enabled to record all the administrative, privileged, and security actions. The options are:

    • Disabled (default)
    • Enabled
    Audit Log Remote Host
    Indicates the IPv4 or IPv6 address (1-256 characters) of the remote server.
    • IPv4 (default - 0.0.0.0)
    • IPv6 (default - ::)
    NOTE: When the IPv4 or IPv6 address is configured to “0.0.0.0” or “::" respectively, the SBC does not send the audit logs to the remote server.
    Audit Log PortIndicates the port number (1-65535) used to send the audit logs to the remote server. (default=514)
    Audit Log Protocol Type

    Indicates the protocol type used to send the audit logs to the remote server.

    The options are:

    • Relp
    • TCP (default)
    • UDP

     

     

    The logging is disabled by default. Once enabled, the SBC starts generating Platform Audit Logsaudit logs.

    To view the Platform Audit Logs, execute the following steps:

    On

    audit logs, from the SBC main screen, navigate to Troubleshooting > Troubleshooting Tools > Search Audit Logs.

    The Audit Logs window, containing the Search Audit Logs pane, is displayed.
  • Select the radio button corresponding to Platform Audit Logs option.

    Caption
    0Figure
    1Platform Audit Logs

    Image Removed

  •  

     For more information on the search and filtering tools offered in the Search Audit Logs pane, refer to Troubleshooting Tools - Search Audit Logs.

    Pagebreak