Working with Audit Logs

• Overview

• Audit Events

• Access and View Audit Logs

• Search for an Audit Log

• View Audit Log Details

• Working with Audit Logs

• Using Filters to Find an Audit Log

Overview

The Audit Log screen table displays activities taken in the system such as policy changes, playbook changes, etc., and enables you to view and filter this information.

Audit Events

• Audit Log events queue in RabbitMQ and then move to the database.

• The event then continues to Audit Log Table.

• The Audit Log does not retain non-functional event types.

• The event state must be successful to be recorded.

• Any event that fails is removed from the Audit Log.

• When the Type filter uses only event types triggered in SDP, they are displayed on the Audit Log screen.

  • See the Using Filters to Find an Audit Log section.

Access and View Audit Logs

Access to the Audit Log

• Audit log access is limited to selected users and roles.

• To have Audit Log access, an Administrator must select the setting Manage in the Manage Administrative Settings area for the user.

• The Audit Log is only available to users with this setting assigned to their role.

View Audit Logs

1. From the left menu, click Reports.
   

2. Click Audit Log.
   

3. The Audit Log table displays these columns:

   • Account Name

   • Date/Time

   • Type

   • Action Type

   • Location

   • Description

   • More Options menu (3 vertical dots)
     

4. Click a column to sort ascending.
   

5. Click the column again to sort descending.
   

Search for an Audit Log

You can search for a log by Account Name, Action Type, and Location.

To search for a log:

1. Type in the name of the log in the Search entry field.
   

2. Click the Search icon or click Enter.

3. The result displays.

4. Click the x to clear the search.

View Audit Log Details

To view the details of an Audit Log:

Locate the log you want to view in the Audit Log list.

5. Click the More Options menu at the end of the column.
   

6. Click View Details.
   

7. The Log Details window opens.
   

8. Click Close to close the window and return to the previous screen.

Using Filters to Find an Audit Log

Note: The Type filter only uses and displays event types triggered in SDP.

To use the filter feature to find an Audit Log based on specific criteria:

1. In the upper left of the screen, go to the Filters.

2. For the selection criteria, select one or more items from the list of filters.

   • IP Address

   • For audits, the user's IP Address is preferred.

   • Date/Time

   • Type

   • Action Type

   • Location

   • Description

3. Click Apply to apply the filter to the Audit Log list.
   

4. Click Clear and then click Apply to remove the filter.