The audit log keeps track of device user activity that might have security implications.
This activity includes user attempts (successful and unsuccessful) to do the following:
- Change user information
- Change device configuration
- Gain access to controlled areas (including the audit log)
- Update system software and attack protection filter packages
- Change filter settings
 |
NoteFor TPS devices, users must have at least
Administrator access level to view, reset, and download the audit log. For IPS
devices, SuperUser access level is required.
|
| Heading | Description |
| ID | The ID of the alert in the log. |
| Time | The time of the alert added to the log. |
| Access Level | The access level of user causing the alert. Can include SMS for the system, SuperUser, and so on. |
| Interface | The interface used that generated the alert or event: WEB or SYS. |
| IP Address | The IP address of the system that generated the alert or event. |
| Component | The component affected by the alert or event, such as report, policy, and OAM. |
| Result | The result of the event, such as PASS for successful. |
| User | The user account causing the alert. |
| Message | The description of the alert. |
When you view the log, the user listed for the logged events might include SMS and
CLI. These
entries are entered by those applications into the audit log, as a SuperUser level
of
access.