An audit log is a record of events and changes in the system. It allows the admin to monitor changes to the tenant and contains information about changes to the system and log in attempts to the Management Console.
In Axis, the audit log tracks the following information, which can be sent to log streaming:
Changes to Axis entities. These include applications, connectors, IdPs, Device Postures and more. The logs denote creation, deletion and updates.
Log in to the Management Console.
Push changes. Every time the admin clicks Apply Changes on the top right corner.
User password change in the Axis IdP. When users change their password for the Axis IdP in the User Portal.
Timestamp- the date and time in which the event had occurred.
Action- the action performed by the admin in the Management Console or Admin API on various objects. The actions tracked are:
- Apply Changes
- Log in
Object Type- the object or entity upon which the user performed an action. The objects tracked are:
- API token
- Application Tag
- Atmos Agent Posture
- Axis IdP User
- Axis IdP user group
- Client Certificate
- Connector Zone
- CrowdStrike Integration
- Device Trust
- Git Profile
- IP Range
- RDP Profile
- Log Streaming
- Time Range
- Network Range
- Portal Design
- SSH Profile
- Web app Profile
- Connector version
Name- the name given to the action, if applicable
Originated by- this field contains either a username or an API token. It logs the entity that initiated the action.
In the Management Console, go to Settings -> Audit Log.
Viewing a Single Log
Click on the information icon ![info] (https://files.readme.io/6fbddbc-Info.png) icon to open a single log.
The detailed logs screen describes the action or changes made, and can be viewed as a summary or a raw format in JSON
Click Raw to view the information in JSON format.
The audit logs can be streamed to one of two SIEMs (Splunk and Syslog) in raw format. Click here to learn more about log streaming.
Updated about 1 year ago