Audit Log Viewer displays the contents of the audit log. The audit log contains a record of security related events, such as logins, session starts, session ends, new user additions, and password attempts/retries/changes. Use the following procedure to view the Audit Log Viewer information.
Procedure
Log in to the EMS web interface with administrator credentials.
On the toolbar, click Logs > Audit Logs.
The EMS server displays the Audit Log Viewer page.
In the Start Date and End Date fields, you can filter the results that are displayed in a search report to fall within starting and ending dates and times.
In the Keyword field, type one or more words to define the limits of the log report, and click Search.
In the Results section, the EMS server displays the report output.
To see additional details about a particular log line in a report, select the log line.
The EMS server displays the Audit Log Details page.
On the Monitoring & Logging > Syslog Management page, you can set the log level rules for the Audit Log and other logs.
Audit Logging is enabled in the Log Level row for the Audit class and Audit Facility as LOG_LOCAL6.
The Log Level Facility name, LOG_LOCAL6, is reserved for Audit Logging and cannot be changed. The LOG_LOCAL6 file path destination cannot be changed either. The file path is /archive/syslog/ipcs/audit.log.
