Viewing the Log File
Audit logs, which are stored in plain text, are archived and compressed when the audit log file reaches a size of 200 MB.
The current log file is named audit.log. If the audit log file reaches a size of 200 MB a second time, the file is compressed and the old audit log is renamed as audit.1.gz. The file number increments each time a log file is archived. JSA Risk Manager can store up to 50 archived log files.
The maximum size of any audit message (not including date, time, and host name) is 1024 characters.
Each entry in the log file is displayed in the following format:
<date_time> <host name> <user>@<IP address> (thread ID) [<category>] [<sub-category>] [<action>] <payload>
The following table describes the parameters used in the log file.
Table 1: Audit Log File Information
Parameter | Description |
---|---|
<date_time> | The date and time of the activity in the format: Month Date HH:MM:SS. |
<host name> | The host name of the Console where this activity was logged. |
<user> | The name of the user that performed the action. |
<IP address> | The IP address of the user that performed the action. |
(thread ID) | The identifier of the Java thread that logged this activity. |
<category> | The high-level category of this activity. |
<sub-category> | The low-level category of this activity. |
<action> | The activity that occurred. |
<payload> | The complete record that has changed, if any. |
- Using SSH, log in to your JSA console as the root user.
- Using SSH from the JSA console, log in to the JSA Risk Manager appliance as a root user.
- Go to the following directory:
/var/log/audit
- Open your audit log file.
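Once the file is open, the entry format and the 1024-character message limit described above can be checked mechanically. The following Python parser is an added example, not part of the product or its documentation; the function names and all sample hosts, users, addresses and categories are constructed for illustration, and the thread ID is assumed to be any text inside the parentheses.

```python
import gzip
import re

MAX_MESSAGE_LEN = 1024  # limit stated above; excludes date, time and host name

# Function names below are chosen for this example, not taken from the product.
ENTRY_RE = re.compile(
    r"^(?P<date_time>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<message>"
    r"(?P<user>\S+)@(?P<ip>[^@\s]+)\s"
    r"\((?P<thread_id>[^)]*)\)\s"
    r"\[(?P<category>[^\]]*)\]\s"
    r"\[(?P<sub_category>[^\]]*)\]\s"
    r"\[(?P<action>[^\]]*)\]"
    r"(?:\s(?P<payload>.*))?)$"
)

def open_audit_log(path):
    """Open audit.log as text, or a rotated audit.N.gz archive transparently."""
    if path.endswith(".gz"):
        return gzip.open(path, "rt", errors="replace")
    return open(path, "r", errors="replace")

def parse_entry(line):
    """Return the entry's fields as a dict, or None if the line is off-format."""
    match = ENTRY_RE.match(line.rstrip("\n"))
    return match.groupdict() if match else None

def triage(lines):
    """Split lines into parsed entries and (line_number, reason) anomalies."""
    entries, anomalies = [], []
    for number, line in enumerate(lines, start=1):
        entry = parse_entry(line)
        if entry is None:
            anomalies.append((number, "does not match entry format"))
        elif len(entry["message"]) > MAX_MESSAGE_LEN:
            anomalies.append((number, "message longer than 1024 characters"))
        else:
            entries.append(entry)
    return entries, anomalies

# Constructed sample lines (not taken from a real appliance).
SAMPLE = [
    "Jun 12 14:03:22 jsa-console admin@192.0.2.10 (4521) [Authentication] [User] [Login]",
    "Jun  2 09:15:40 jsa-console jdoe@198.51.100.7 (88) [Configuration] [Topology] [Update] name=edge-fw",
    "Jun 12 14:05:01 jsa-console truncated entry without fields",
    "Jun 12 14:06:00 jsa-console admin@192.0.2.10 (4521) [A] [B] [C] " + "x" * 1100,
]
```

Because `open_audit_log` also reads the compressed archives, `triage(open_audit_log(path))` can be run over `audit.log` and each `audit.N.gz` in turn. Lines reported as anomalies are worth a manual look, since every well-formed entry should match the format and stay within the stated limit.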