Use the Monitor—Audit Log to view all authentication activities and privileged operations performed by authorized users. Authentication activities include user login success, failure, logout, and session timeout. Privileged operations change information in the system or in the network, such as restoring a configuration to a device or changing a user password.
Additionally, authentication activities and privileged operations are sent to the system log message server and to an optional RADIUS accounting server.
Click Monitor > Audit Log. In the Audit Log—Select Event Category, Type, or User Name dialog box, select the filter rules to display only the audit log records you want to view, and click OK.
The Audit Log displays events in a table sorted by:
Time column—The date and time when the event was logged. The format for date and time is dow mon dd hh:mm:ss zzz yyyy.
User name column—The name of the user who performed the action that was logged.
Client Address column—The IP address of the client from which the action occurred.
Event Type column—The title of the audit log message that is logged.
Message column—The description of the audit log message that is logged.
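The following added example (not part of the product documentation) parses the Time column format described above, normalises it to UTC for correlation with the system log server, and flags client addresses with repeated login failures. The pipe-delimited row layout, the event type string "Login Failure", the zone offset table, and the sample rows are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: UTC offsets (hours) for zone abbreviations. Abbreviations are
# ambiguous, so list only the zones your own appliances actually report.
ZONE_OFFSETS = {"UTC": 0, "GMT": 0, "PST": -8, "PDT": -7, "EST": -5, "EDT": -4}
FAILURE_EVENT = "Login Failure"  # assumption: event type label for a failed login

# Constructed sample rows: Time|User name|Client Address|Event Type|Message
SAMPLE = """\
Tue Mar 04 09:15:02 PST 2025|admin|192.0.2.10|Login Failure|Invalid password
Tue Mar 04 09:15:40 PST 2025|admin|192.0.2.10|Login Failure|Invalid password
Tue Mar 04 09:16:05 PST 2025|admin|192.0.2.10|Login Failure|Invalid password
Tue Mar 04 09:20:00 PST 2025|jsmith|198.51.100.7|Login Success|User logged in
Tue Mar 04 11:00:00 PST 2025|jsmith|198.51.100.7|Login Failure|Invalid password
"""

def parse_audit_time(text):
    """Parse 'dow mon dd hh:mm:ss zzz yyyy' into a timezone-aware UTC datetime."""
    dow, mon, dd, clock, zone, year = text.split()
    if zone not in ZONE_OFFSETS:
        # Fail loudly rather than guess: a wrong offset skews every correlation.
        raise ValueError(f"unknown zone abbreviation: {zone}")
    local = datetime.strptime(f"{dow} {mon} {dd} {clock} {year}",
                              "%a %b %d %H:%M:%S %Y")
    tz = timezone(timedelta(hours=ZONE_OFFSETS[zone]))
    return local.replace(tzinfo=tz).astimezone(timezone.utc)

def repeated_failures(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {client_address: failure_count} for clients that reach
    `threshold` login failures inside any sliding `window`."""
    failures = {}
    for line in lines:
        if not line.strip():
            continue
        when, _user, client, event, _message = line.split("|", 4)
        if event == FAILURE_EVENT:
            failures.setdefault(client, []).append(parse_audit_time(when))
    flagged = {}
    for client, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[client] = len(times)
                break
    return flagged

if __name__ == "__main__":
    print(repeated_failures(SAMPLE.splitlines()))
```
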