Differences
This shows you the differences between two versions of the page.
cloudappliance/syslog [2020_04_30 12:54] – dan | cloudappliance:syslog [2024_02_28 01:03] – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== | + | ====== Audit Event Logs ====== |
- | == last edited on: April 30, 2020 == | + | == last edited on: Sep. 14, 2022 == |
- | + | ||
- | File Fabric audit logs are event logs that are generated based on file events that occur through the File Fabric API's and additionally on discovery of multi-cloud files through meta-data synchronization events. | + | |
+ | Audit events track important activity within the system including file events, permission changes and configuration information. Events may be initiated by users, or they may be generated from system events including background tasks and synchronization events. | ||
The Audit logs are available when logged in as the tenant Admin from the Audit Reports section of the Admin options. | The Audit logs are available when logged in as the tenant Admin from the Audit Reports section of the Admin options. | ||
Line 9: | Line 8: | ||
Audit logs can be filtered, archived, and/or exported. | Audit logs can be filtered, archived, and/or exported. | ||
- | Audit logs can capture information that is specific to a tenant user, but also file sharing information such as the remote IP address of users accessing file shares. System tasks can also be captured by the audit event logs, dependent on the granularity that has been set. Audit events that have an IP address of 1.1.1.1 are system generated events, that may or may not be based on user interaction. | + | Audit logs can capture information that is specific to a tenant user but also file sharing information such as the remote IP address of users accessing file shares. System tasks can also be captured by the audit event logs, dependent on the granularity that has been set. Audit events that have an IP address of 1.1.1.1 are system-generated events, that may or may not be based on user interaction. |
If you want to enable the Audit logs to be accessible from the base OS then you can configure the logs to be output to syslog and they will be available in both places. | If you want to enable the Audit logs to be accessible from the base OS then you can configure the logs to be output to syslog and they will be available in both places. | ||
- | To enable audit logs see [[governance#step4]] | + | To enable audit logs see [[:governance|step 4]]. |
- | To view and export audit logs see [[governance#step5]] | + | To view and export audit logs see [[:governance|step 5]]. |
- | ==== Writing | + | ==== Writing Audit Event Logs to syslog ==== |
=== Step 1 - Appliance Admin Setting === | === Step 1 - Appliance Admin Setting === | ||
- | syslog is a standard for message logging. It allows separation of the software that generates messages and is often used from a software perspective for security audit logging. Such messags | + | syslog is a standard for message logging. It allows separation of the software that generates messages and is often used from a software perspective for security audit logging. Such messages |
- | Splunk is widely used among enterprise security teams for breach investigations. Enabling syslog provides the ability to feed audit events into Splunk, enabling | + | Splunk is widely used among enterprise security teams for breach investigations. Enabling syslog provides the ability to feed audit events into Splunk, enabling |
The syslog functionality can be enabled by logging in as appladmin, going to Site Functionality and setting " | The syslog functionality can be enabled by logging in as appladmin, going to Site Functionality and setting " | ||
+ | |||
+ | {{:: | ||
=== Step 2 - Organization Admin Setting === | === Step 2 - Organization Admin Setting === | ||
- | Login as org admin to your account and from the Menu on right hand side goto Options | + | Login as org admin to your account and from the Organization |
+ | |||
+ | {{:: | ||
+ | |||
+ | The audit logs now will be written to '' | ||
- | ==== Sending | + | ==== Sending syslog Entries to rsyslog Service ==== |
- | === File Fabric | + | === Appliance: === |
SSH in as '' | SSH in as '' |
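Review bot: In the paragraph beginning "Audit logs can capture information", 1.1.1.1 is still documented as the marker for system-generated events, but that is a publicly routable address (Cloudflare's public DNS resolver), so once these events are forwarded to syslog and on to Splunk, an analyst or a correlation rule cannot tell a system event from a request that really came from that address. Suggest stating explicitly that the value is a placeholder rather than a real source address, and naming whichever other field distinguishes system events if one exists. Separately, the two governance links changed from [[governance#step4]] and [[governance#step5]] to [[:governance|step 4]] and [[:governance|step 5]], which drops the section anchors, so both now resolve to the top of the governance page; keep the #step4 and #step5 fragments if those sections still exist.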