A security audit log is a tamper resistant record of security sensitive occurrences that affect a system. It is used as a deterrent to prevent administrators maliciously or accidentally abusing their privileges when they otherwise have few restrictions. It can also be used to detect malicious activity (e.g. use of a compromised account).
Unlike the existing Event Log, the audit log is mainly aimed for administrators and their auditors.
Security Audit Log Settings
This page is about viewing or configuring the security audit log.
To view or edit Security Audit Log settings:
- Select Application Menu. The menu appears with available applications.
- Select Administration. The application displays at the landing page.
- In the Left Navigation Area, select Security. The Security expands to display list.
- Select Security Audit Log Settings. The existing Security Audit Log Settings display.
- Select Edit and configure the following fields as required:
- Maximum audit log entries - Type the maximum number of audit log entries. There is a minimum value of 1 and a maximum value of 10,000
- Minimum severity - Type the minimum message severity to log to the audit log
- Screenshot: View security audit log setting
- Select Save at the top right corner.
Viewing Security Audit Log
To view Security Audit log:
- Select Application Menu. The menu appears with available applications.
- Select Administration. The application displays at the landing page.
- In the Left Navigation Area, select Security. The Security expands to display list.
- Select Security Audit Log. The Security Audit Log displays.
Screenshot: View security audit log
- The entries are sorted by Date Time by default with most recent events first
- Custom formatting shows error entries in red and warnings in yellow
- Customers can use the export feature to get a downloadable copy
- Auditors can periodically download the audit log and clear it
Security Audit Log Messages
The following security events are captured in the security audit log. Messages include whether the event was successful, or failed, along with relevant details.
Record change events can be logged using Record Auditing, not security audit messages.
Security Event | Notes |
|---|---|
| User account creation | |
| User account deletion | |
| User account rename | |
| User account expiry | This is logged at the first attempt to use the expired account, not the actual time of expiry. |
| User account password change | |
| Change user account expiration | |
| Change of user account status | |
| Locked user account | Logged when a user has too many incorrect attempts. |
| Logon | |
| Logoff | Not all logoffs may be audited, since a user may not explicitly log off. |
| User role creation | |
| User role deletion | |
| User role rename | |
| User role membership change | |
| Application creation | |
| Application deletion | |
| Application deployment | |
| Application publish | |
| Password policy change | |
| Access rule creation | |
| Access rule enabling | |
| Access rule query change | |
| Access rule permission change | |
| Access rule deletion | |
| Tenant rollback |