Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.



Audit Logs Format

New Member
Posts: 2
2288     0

I am working on some analysis on audit.log file, as per the documentation:, it shows different formats for logs, one which is seen at the majority of places is of form - <timestamp user action object objectname message>, but some seem to have different formats, like some being Quotas and GSS-TSIG.




I wanted to ask two questions:

1) If I am getting logs in syslog, then it has various other logs as well like DHCPD, DNS, and other information, for dhcpd, if i have string dhcpd in the log, I can classify it as dhcpd log and for threat protect if it is in the log, then it could be classified as threat protect log. If I want to figure out whether a particular log is from audit.log, is there anyway, which by looking into a log, can tell me that this log is from audit.log.


2) If I see audit.log in grid manager, I can see all values divided into columns but for events like Quotas and GSS-TSIG, how does they look into that, as it doesn't have all information as seen from its message in this link:

So is there a standard format that could help me to find values based on the fields from audit.log file, as in something like this: <timestamp user action object objectname message>

Showing results for 
Search instead for 
Did you mean: 

Recommended for You