This object allows you to:
- Enable or disable the Platform Audit Logs, which record administrative, privileged, and security actions.
- Push the audit logs to a remote server by specifying the following:
  - Remote host IP address
  - Port number
  - Protocol type
When these fields are configured and the state of the object Platform Audit Logs is enabled, the /etc/rsyslog.conf file of the SBC is automatically configured to send the audit logs to the remote server. The SBC automatically adds an Access Control List (ACL) rule to send the audit logs through the application layer to the remote server.
Info:
- The ACL rule is removed automatically from the default ACL rules when the object Platform Audit Logs is disabled.
- For a High Availability (HA) pair, the /etc/rsyslog.conf file is updated on both the Active and the Standby SBCs to push the audit logs to the remote server.
On the SBC main screen, go to All > OAM > Event Log > Platform Audit Logs. The Platform Audit Logs window is displayed.
Figure: Event Logs - Platform Audit Logs Window
The following fields are displayed:
Table: Event Log - Platform Audit Logs

| Parameter | Description |
|---|---|
| State | When enabled, the Platform Audit Logs record all the administrative, privileged, and security actions. The options are: Disabled (default), Enabled |
| Audit Log Remote Host | Indicates the IPv4 or IPv6 address (1-256 characters) of the remote server. IPv4 (default - 0.0.0.0), IPv6 (default - ::). NOTE: When the IPv4 or IPv6 address is configured to "0.0.0.0" or "::" respectively, the SBC does not send the audit logs to the remote server. |
| Audit Log Port | Indicates the port number (1-65535) used to send the audit logs to the remote server. (default=514) |
| Audit Log Protocol Type | Indicates the protocol type used to send the audit logs to the remote server. The options are: |
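A consistency check for the behaviour described above, as an added example (not vendor code): it reads an rsyslog.conf and reports whether an active forwarding rule matches the configured remote host, port and protocol. It assumes the SBC writes legacy `@` (UDP) / `@@` (TCP) forwarding rules and that the protocol options are `udp` and `tcp`; the function names and the sample file are constructed for illustration.

```python
import ipaddress
import re

# Legacy rsyslog forwarding action: "@host:port" is UDP, "@@host:port" is TCP;
# IPv6 targets are bracketed. Assumption: the SBC writes rules in this form.
FORWARD_RE = re.compile(
    r"^\s*\S+\s+(?P<at>@{1,2})"
    r"(?:\[(?P<v6>[^\]]+)\]|(?P<v4>[^:\s@\[]+))"
    r"(?::(?P<port>\d+))?\s*$"
)

# Constructed sample, not copied from an SBC.
SAMPLE_CONF = """\
*.info;mail.none     /var/log/messages
#*.* @@192.0.2.99:514
local6.*             @@192.0.2.10:6514
authpriv.*           @[2001:db8::5]
"""

def forwarding_targets(conf_text):
    """Return {(protocol, ip, port)} for each active forwarding rule."""
    targets = set()
    for line in conf_text.splitlines():
        m = None if line.lstrip().startswith("#") else FORWARD_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["v6"] or m["v4"])
        except ValueError:
            continue  # hostname target; the page configures IP addresses only
        proto = "tcp" if m["at"] == "@@" else "udp"
        targets.add((proto, ip, int(m["port"] or 514)))  # 514 when port omitted
    return targets

def audit_forwarding_status(state, host, port, protocol, conf_text):
    """Classify the configured settings against the rsyslog rules present."""
    if state.lower() != "enabled":
        return "disabled"
    ip = ipaddress.ip_address(host)      # ValueError on a malformed address
    if not 1 <= port <= 65535:
        raise ValueError("port must be 1-65535")
    if ip.is_unspecified:                # 0.0.0.0 or :: means nothing is sent
        return "no-remote-host"
    if (protocol.lower(), ip, port) in forwarding_targets(conf_text):
        return "forwarding"
    return "missing-rule"

if __name__ == "__main__":
    print(audit_forwarding_status("Enabled", "192.0.2.10", 6514, "tcp", SAMPLE_CONF))
```

A `missing-rule` result on an enabled object with a real remote host is the case worth alerting on, since audit records are then kept only on the SBC.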
The logging is disabled by default. Once enabled, the SBC starts generating audit logs.
To view the Platform Audit Logs, execute the following steps:
1. On the SBC main screen, navigate to Troubleshooting > Troubleshooting Tools > Search Audit Logs. The Audit Logs window, containing the Search Audit Logs pane, is displayed.
2. Select the radio button corresponding to the Platform Audit Logs option.
Figure: Platform Audit Logs
For more information on the search and filtering tools offered in the Search Audit Logs pane, refer to Troubleshooting Tools - Search Audit Logs.