1. Installation and Administration Guide
  2. Monitor KMAs
  3. View and Export Audit Logs

View and Export Audit Logs

Audit logs provide information on KMA activity.

Available to: All roles, Auditor and Compliance Officer (can view Agent History, Data Unit History, Data Unit Key History)
  1. From the System Management menu, select Audit Event List. See Filter Lists to filter the list.
  2. To view detailed information, select an Audit Log entry in the list, and then click Details... (or double-click the entry).
  3. To export a report, select Save Report... from the View menu (or press Ctrl-S).
  4. Click Start to initiate the export. If you have filtered the entries in the Audit Event List screen, only those entries are exported. Otherwise, all audit events are exported.

Audit Log - Field Descriptions

The following are descriptions of the fields found within audit logs.

  • Created Date - Date and time that the Audit Event was created.
  • Operation - The operation that resulted in the creation of the Audit Event record.
  • Severity - Indicates the severity of the condition if the operation was not successful. Possible values are Success (no error), Warning, or Error. If the Severity value is Error, the KMA that generated the event also issues an SNMP inform message with the event details.
  • Condition - Indicates whether the operation was successful or not. Errors are highlighted in red. Warnings are highlighted in yellow. If you hover the cursor over an error message, a more detailed description of the error is displayed. If the Condition value is Server Busy, the KMA that generated the event also issues an SNMP inform message with the event details.
  • Event Message - Detailed information of the Audit Event entry.
  • Entity ID - If this Audit Event is generated in response to an operation requested by a user, agent, or peer KMA, then this field displays the user-specified identifier of that entity. Otherwise, this field is blank.
  • Entity Network Address - If this Audit Event is generated in response to an operation requested by a user, agent, or peer KMA, then this field displays the network address of that entity. Otherwise, this field is blank.
  • KMA ID - The name of the KMA that generated this audit event. This KMA name is the user-supplied identifier that distinguishes each KMA in a cluster.
  • KMA Name - The user-supplied identifier that distinguishes each Appliance in a cluster.
  • Class - Identifies the class of operations to which the Audit Event entry belongs. If the Class value is Security Violation, the KMA that generated the event also issues an SNMP inform message with the event details.
  • Retention Term - The defined length of time that the Audit Event record is retained. Possible values are:
    • Long Term — Event records that must be stored for a lengthy time period.
    • Medium Term — Event records that must be stored for a medium length time period.
    • Short Term — Event records that must be stored for a short time period.
  • Audit Log Entry ID - A system-generated unique identifier that distinguishes each type of Audit Event entry.
  • Audit Log ID - A system-generated unique identifier that distinguishes each Audit Event entry.