This chapter describes how to monitor authentication activity and privileged operation events in the audit log. JUNOScope auditable events are stored in the JUNOScope database and are subsequently sent to the system log server and an optional RADIUS accounting server if one is configured (see Figure 6). This chapter also describes how to purge the audit log table, after audit log records accumulate over a period of time, to reclaim disk space on the JUNOScope server.
Figure 6: JUNOScope Security-Enhanced Sensitive Data Logging
Authentication activity events include the following:
Privileged operation events are user actions that change information in the JUNOScope system or in the network. Privileged events include the following:
Each audit record includes the date and time, event category, event type, username, and client IP address.
In addition to the internal audit log, audit events are also forwarded to the local syslog server and the configured RADIUS server (if any) as RADIUS accounting messages.
You must have superuser permission to view the audit log.
This chapter includes the following topic: