


Audit Logs Format

New Member
Posts: 2

I am working on some analysis of the audit.log file. As per the documentation, it shows different formats for logs; the one seen in the majority of places is of the form <timestamp user action object objectname message>, but some seem to have different formats, like Quotas and GSS-TSIG.




I wanted to ask two questions:

1) If I am getting logs in syslog, then it has various other logs as well, like DHCPD, DNS, and other information. For dhcpd, if I have the string dhcpd in the log, I can classify it as a dhcpd log, and for threat protect, if it is in the log, then it could be classified as a threat protect log. If I want to figure out whether a particular log is from audit.log, is there any way, by looking at a log, to tell that this log is from audit.log?


2) If I see audit.log in Grid Manager, I can see all values divided into columns, but for events like Quotas and GSS-TSIG, how do they look in that, as it doesn't have all the information, as seen from its message in this link:

So is there a standard format that could help me find values based on the fields from the audit.log file, something like this: <timestamp user action object objectname message>?
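As an added example (not from the original post or from Infoblox documentation), here is a Python sketch of the two steps the question describes: classify each syslog line by a source tag, then split lines classified as audit into the <timestamp user action object objectname message> fields, flagging short variants such as Quotas or GSS-TSIG entries that do not carry all six fields. The timestamp layout, the source tags (dhcpd, named, audit) and the sample lines are constructed assumptions for illustration, not the appliance's actual output; the real tag to key on must come from the syslog configuration of the appliance.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample lines (assumption: "<timestamp> <source-tag> <rest>").
SAMPLE_LINES = [
    "2024-05-01T10:00:00Z dhcpd DHCPACK on 10.0.0.5 to aa:bb:cc:dd:ee:ff via eth1",
    "2024-05-01T10:00:01Z named client 10.0.0.7#5353: query: example.com IN A",
    "2024-05-01T10:00:02Z audit admin CREATE Network 10.0.0.0/24 Created network 10.0.0.0/24",
    "2024-05-01T10:00:03Z audit admin MODIFY Quotas default Quota limit changed",
    "2024-05-01T10:00:04Z audit operator LOGIN User operator Logged in from 10.0.0.9",
    "2024-05-01T10:00:05Z audit admin GSS-TSIG keytab uploaded",  # short variant
]

# Assumed mapping from syslog source tag to a log class. Hypothetical tags.
SOURCE_TAGS = {"dhcpd": "dhcpd", "named": "dns", "audit": "audit"}

# "<timestamp> <tag> <rest>": timestamp and tag are single tokens.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>[A-Za-z0-9_-]+)\s+(?P<rest>.*)$")


@dataclass
class AuditEvent:
    timestamp: str
    user: str
    action: str
    object_type: Optional[str]
    object_name: Optional[str]
    message: str
    well_formed: bool  # False when the line lacks the full six-field layout
    raw: str           # always keep the original line for investigation


def classify(line: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Return (log_class, timestamp, remainder) for one syslog line."""
    m = LINE_RE.match(line)
    if not m:
        return "unknown", None, None
    return SOURCE_TAGS.get(m.group("src"), "unknown"), m.group("ts"), m.group("rest")


def parse_audit(ts: str, rest: str, raw: str) -> AuditEvent:
    """Split an audit remainder into user, action, object, objectname, message.

    Fields are whitespace separated and only the trailing message may contain
    spaces, so a line with fewer than five tokens cannot be the full format.
    """
    parts = rest.split(maxsplit=4)
    if len(parts) == 5:
        user, action, obj, name, msg = parts
        return AuditEvent(ts, user, action, obj, name, msg, True, raw)
    # Short variants (e.g. Quotas, GSS-TSIG): keep user/action when present,
    # treat everything after them as the message, and flag the event.
    user = parts[0] if len(parts) > 0 else ""
    action = parts[1] if len(parts) > 1 else ""
    return AuditEvent(ts, user, action, None, None, " ".join(parts[2:]), False, raw)


def process(lines: List[str]) -> Tuple[Dict[str, int], List[AuditEvent]]:
    """Count lines per log class and parse the audit ones."""
    counts: Dict[str, int] = {}
    events: List[AuditEvent] = []
    for line in lines:
        log_class, ts, rest = classify(line)
        counts[log_class] = counts.get(log_class, 0) + 1
        if log_class == "audit" and ts is not None and rest is not None:
            events.append(parse_audit(ts, rest, line))
    return counts, events


if __name__ == "__main__":
    counts, events = process(SAMPLE_LINES)
    print(counts)
    for ev in events:
        print(ev)
```

The well_formed flag matters more than the field split itself: a whitespace split is ambiguous whenever an object name contains spaces or a short variant happens to have five tokens, so any downstream logic should keep the raw line and treat the flag as a hint that the entry needs a format-specific parser rather than silently accepting mis-aligned columns.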

