Help contents > Advanced topics > Working with the audit logs

Search/Print  一覧

Working with the audit logs

The audit log records any user action on the MCU which might compromise the security of the unit, of its functions, or of the network.

By enabling auditing, all network settings, conference settings, security settings, creation/deletion of conferences, and any changes to the audit log itself are logged on the MCU.

All relevant actions on the MCU are logged, including those made through the serial console, a supervisor blade (for MSE blades), the API, FTP, and the web interface. The module that has caused a log is listed within the details of that log and will be one of:

• Web: For configuration changes made through the web interface.
• Serial: For configuration changes made through the serial interface.
• API: For configuration changes made through the API.
• Supervisor: For configuration changes made through the Supervisor Blade (only applies to MSE blades).
• System: For audit messages from the MCU.
• FTP: For audit messages recording requests made to the MCU over FTP.

Each log also has a severity associated with it (Error, Severe Warning, Warning, Info, or Status Warning).

You must enable the audit log for it to record these actions.

To enable and view the audit log, go to Logs and select the Audit log tab.

Audit log

The last 2000 audit messages generated by the MCU are displayed in the Audit log page.

The last 100,000 audit messages are stored on the compact flash if there is one; otherwise, the last 100,000 audit messages are stored internally. You can only view the last 2000 through the web interface, but you can download all stored audit messages (up to the 100,000) as XML.

You can delete audit messages, but you cannot delete the most recent 400 audit messages. If you delete any audit messages, that will be audited in a new audit message.

You cannot send the audit log to a syslog server.

Related topics

• Configuring security settings
• Understanding security warnings