Logs

This topic applies to both Software Logger and the Logger Appliance.

Your system can generate audit logs at the application and platform levels. Use the Logs sub-menu to search audit logs.

Audit Logs

Your system’s audit logs are available for viewing. Audit logs, as Common Event Format (CEF) audit events, can be sent to ArcSight ESM directly for analysis and correlation. For information about forwarding audit events, see Audit Forwarding.

To view audit logs:

  1. Click System Admin from the top-level menu bar.
  2. Click Audit Logs in the Logs section.
  3. Select the date and time range for which you want to obtain the log.
  4. (Optional) To refine the audit log search, specify a string in the Description field and a user name in the User field. When a description string is specified, only logs whose Description field contains the string are displayed. Similarly, when a user is specified, only logs whose User field contains the user name are displayed.
  5. Click Search.

  Note: Logger will display the following users to describe the following activity:
    System: No user interaction tasks.
    Unknown: System tasks like updates and startups.
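
The same search semantics (time range plus "contains" filters on Description and User) can be applied offline to audit events that have been received as CEF. The following is an added example, not part of the product documentation or the product's code. It assumes that the user is carried in the `duser` extension key, the description in the CEF Name header field, and the event time in `rt` as epoch milliseconds; `parse_cef`, `search` and the sample events are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Extension pairs: key=value, where the value runs up to the next " key=" or end of line.
EXT = re.compile(r"(\w+)=((?:\\.|[^=\\])*)(?=\s\w+=|$)")
HEADER_KEYS = ("version", "vendor", "product", "dev_version", "sig_id", "name", "severity")

def _unescape(value):
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)

def parse_cef(line):
    # Tolerate a syslog prefix in front of the CEF header.
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header")
    body, fields, cur, i = line[start + 4:], [], [], 0
    # Header: seven pipe-delimited fields; a literal pipe or backslash is backslash-escaped.
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1]); i += 2
        elif body[i] == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(body[i]); i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER_KEYS, fields))
    event.update((k, _unescape(v)) for k, v in EXT.findall(body[i:].strip()))
    return event

def search(lines, start, end, description=None, user=None):
    # Assumed mapping: Description -> CEF name, User -> duser, time -> rt (epoch ms).
    # Matching is case-sensitive here; the page does not say which the UI uses.
    hits = []
    for line in lines:
        ev = parse_cef(line)
        when = datetime.fromtimestamp(int(ev.get("rt", 0)) / 1000, tz=timezone.utc)
        if (start <= when <= end
                and (not description or description in ev["name"])
                and (not user or user in ev.get("duser", ""))):
            hits.append(ev)
    return hits

# Constructed sample events (vendor, product and IDs are placeholders).
SAMPLE = [
    r"CEF:0|ExampleVendor|ExampleProduct|1.0|audit:1|User login|3|rt=1700000000000 duser=admin msg=Login from console",
    r"CEF:0|ExampleVendor|ExampleProduct|1.0|audit:2|Config change \| storage|5|rt=1700000060000 duser=System msg=retention\=30 days applied",
    r"CEF:0|ExampleVendor|ExampleProduct|1.0|audit:3|User login|3|rt=1700090000000 duser=analyst1 msg=Login from web UI",
]
```

Escaped pipes in the header and escaped equals signs in extension values are the two places where naive splitting on `|` or `=` silently corrupts audit records, so the parser handles both before any filter is applied.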

Audit Forwarding

You can forward audit events to a TH or ArcSight ESM for correlation and analysis. For a list of audit events that you can forward, see Application Events.

When you create a TH Destination, the Connector Name value is the name of the agent that OBC creates to point to the destination. The Connector Names associated with your TH and ESM Destinations will appear in the audit forwarding list with no distinction from each other.

To forward audit events to specific ESM or TH destinations:

  1. Click System Admin from the top-level menu bar.
  2. Click Audit Forwarding in the Logs section.
  3. Select destinations from the Available Destinations list and click the right arrow icon to move the selected destination to the Selected Destinations list.

    You can select multiple destinations at the same time and move them, or you can move all available destinations at once by clicking the corresponding icon.

  4. Click Save Settings.