Are you interested in our Early Access Program (EAP)? This program allows you to preview code, test in your lab and provide feedback prior to General Availability (GA) release of all Infoblox products. If so, please click the link here.

NIOS DNS DHCP IPAM

Reply

Audit Logs Format

Member
Posts: 2
1456     0

I am working on some analysis on audit.log file, as per the documentation: https://docs.infoblox.com/display/nios84/Audit+Log, it shows different formats for logs, one which is seen at the majority of places is of form - <timestamp user action object objectname message>, but some seem to have different formats, like some being Quotas and GSS-TSIG.

 

Reference: 

https://docs.infoblox.com/display/nios84/Monitoring+Tools#MonitoringTools-bookmark2813
https://docs.infoblox.com/display/nios84/Audit+Log

 

I wanted to ask two questions:

1) If I am getting logs in syslog, then it has various other logs as well like DHCPD, DNS, and other information, for dhcpd, if i have string dhcpd in the log, I can classify it as dhcpd log and for threat protect if it is in the log, then it could be classified as threat protect log. If I want to figure out whether a particular log is from audit.log, is there anyway, which by looking into a log, can tell me that this log is from audit.log.

 

2) If I see audit.log in grid manager, I can see all values divided into columns but for events like Quotas and GSS-TSIG, how does they look into that, as it doesn't have all information as seen from its message in this link: https://docs.infoblox.com/display/nios84/Audit+Log

So is there a standard format that could help me to find values based on the fields from audit.log file, as in something like this: <timestamp user action object objectname message>

Showing results for 
Search instead for 
Did you mean: 

Recommended for You