Working with the audit logs
Cisco TelePresence ISDN Gateways v2.0 Online help (Printable format)
95 of 116
Working with the audit logs
The audit log records any user action on the ISDN gateway which might compromise the security of
the unit, of its functions, or of the network.
By enabling auditing, all network settings, security settings, creation/deletion of dial plans and any
changes to the audit log itself are logged on the ISDN gateway.
All relevant actions on the ISDN gateway are logged, including those made through the serial console,
a supervisor blade (for MSE blades), the API, FTP, and the web interface. The module that has
caused a log is listed within the details of that log and will be one of:
Web
: For configuration changes made through the web interface.
Serial
: For configuration changes made through the serial interface.
API
: For configuration changes made through the API.
Supervisor
: For configuration changes made through the Supervisor Blade (only applies to
MSE blades).
System
: For audit messages from the ISDN gateway.
FTP
: For audit messages recording requests made to the ISDN gateway over FTP.
Each log also has a severity associated with it (Error, Severe Warning, Warning, Info, or Status
Warning).
You must enable the audit log for it to record these actions.
To enable and view the audit log, go to
Logs
and select the
Audit log
tab.
Audit log
The last 2000 audit messages generated by the ISDN gateway are displayed in the Audit log page.
The last 200,000 audit messages are stored on the compact flash. You can only view the last 2000
through the web interface, but you can download all stored audit messages (up to the 200,000) as
XML.
You can delete audit messages, but you cannot delete the most recent 400 audit messages. If you
delete any audit messages, that will be audited in a new audit message.
You cannot send the audit log to a syslog server.