Creating a System Audit
The system audit file includes all records in the audit log between the timestamps defined by the Service Administrator. By default, From displays the earliest timestamp in the audit log and cannot be changed. The Service Administrator can select the To timestamp to control the range for the system audit.
Caution:
When creating the system audit file, you can choose an option to remove all entries for the selected system audit file from the audit logs after they have been extracted. Because the entries have been removed, the new From timestamp for all entries changes to the first timestamp after the removed entries. For example, if you remove all entries up to Mar 16th, the new From timestamp becomes March 17.
To create a System Audit log: