Audit Logs

You can use the audit log (containing audit trails) generated by OCSDM to view performed operations information, which includes the time these operations were performed, whether they were successful, and who performed them when they were logged into the system.

Note:

Audit logs contain different information depending on its implementation.

Audit trails include the following information:

• The user who performed the operation.
• What operation was performed by the user.
• When the operation was performed by the user.
• Whether the operation performed by the user was successful or failed.

View and Save an Audit Log

The audit log tracks user-initiated events. The following list describes some examples of user events that are audit logged in OCSDM:

• User logins and logouts.
• Managed devices are added.
• Device groups are added.
• Oracle Communications Session Delivery products are loaded.
• An element is added, deleted, or modified.
• A device is rebooted.
• Configurations are saved or activated.

1. Expand the Security Manager slider and select Audit log, View.
2. In the Audit log pane, view the following columns:

   Username field	The name of the user who performed the operation.
   Time field	The time stamp for when the operation was performed by the user.
   Category field	The category of operation performed by the user. For example, Authentication.
   Operation field	The specific operation performed by the user.
   Status field	The status of the operation performed by the user, whether it was successful or failed.
   Device field	The name of the device that the user performed an operation upon.
   Network function field	The NF name.
   Management Server field	(Hidden) The IP address of the management server accessed.
   Client IP field	(Hidden) The IP address of the client that was used.
   Description field	(Hidden) The description of the operation performed.
   Sequence number field	(Hidden) The audit log reference number.

3. To see details for a specific user entry, select an entry row in the table and click Details or double-click the row.
   In the Audit log details dialog box, the information described in the table above is displayed for the specified user entry.
4. Click OK.
5. Click Save to file to open the audit log file or save it to a file.

   Note:

   The downloaded CSV file is limited to 500 entries. Only the active page’s entries are saved.

Search the Audit Log

1. Expand the Security Manager slider and select Audit log, View.
2. In the Audit log pane, select an entry row in the table and click Search.
3. In the Audit Log Search dialog box, complete some or all of the following fields to search the audit log:

   Username field	Choose the name of the user who performed the operation.
   Category drop-down list	Choose the category of operation performed by the user. For example, Authentication.
   Operation box	Chose the specific operation performed by the user.
   Management Server	The IP address of the management server accessed.
   Client IP	The IP address of the client that was used.
   Device	The name of the device that the user performed an operation upon.
   Status	The status of the operation performed by the user, whether it was successful or failed.
   Start Time	Choose a start time from the calendar.
   End Time	Choose an end time from the calendar.

4. Click OK.

Schedule Audit Log Files to be Purged Automatically

1. Expand the Security Manager slider and select Audit log, Purge.
2. In the Purge audit logs pane, specify the number of days of audit logs to keep in the Interval in days field. The minimum configurable value is 2 days. The maximum number of days that the audit logs can be retained is 90 days. If you specify a number less than 2 days or greater than 90 days, an error message is displayed.
3. Click Apply.

Purge Audit Log Files Manually

1. Expand the Security Manager slider and select Audit log, Purge.
2. In the Manual Audit log purge dialog box, click the calendar icon next to the Purge audit log records prior to field and choose the date from the calendar prior to which you want the audit logs to be purged.

   Note:

   The Manual Purge checks for the interval set in Interval in days field in the Schedule Audit Log Files to be Purged Automatically. The manual purge date must be a date that occurs between the current date and (current date – purge interval). If you try to set the purge interval to a date that occurs between current date and (current date – purge interval) then an error message is displayed.
3. Click OK.

   Note:

   It is recommended that you set the purge interval to a value less than or equal to 90 before upgrading SDM from a release before 8.2.3 to the latest version.