Audit Log Forwarding in Junos Space Overview
Junos Space Network Management Platform enables you to forward audit logs to a system log server. You can add one or several audit log forwarding criteria to Junos Space Platform to export audit logs from the Junos Space Platform database to a system log server. For example, Criterion1 can be added with HostAddress1 and default port number 514 and default protocol TCP. If Criterion1 is enabled, all audit logs that fulfill Criterion1 are forwarded to HostAddress1.
On the Audit Log Forwarding inventory page of the Administration workspace, you can view the audit log forwarding criteria that are configured in Junos Space Platform. You can also add a new audit log forwarding criterion, enable existing audit log forwarding criteria, modify the details of existing audit log forwarding criteria, and delete audit log forwarding criteria from Junos Space Platform. To manage audit log forwarding in Junos Space Platform, you must be assigned the privileges of a Super Administrator or System Administrator.
Audit logs are forwarded to the system log server at configured time intervals. By default, audit logs are forwarded every sixty minutes. All the audit logs after the previous successful forwarding are exported at the configured time based on an enabled audit log forwarding criterion. You can also enable more than one criterion for audit log forwarding.
The time interval for audit log forwarding can be configured from Administration > Applications. For more information about configuring the time interval for audit log forwarding, see Modifying Junos Space Network Management Platform Settings.
The audit logs forwarded to the system log server are in Common Event Format (CEF).
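A receiver-side parser for CEF records such as those mentioned above, as an added example that is not Juniper's code. The sample line and its vendor, product and extension values are constructed placeholders, because this page does not list the fields Junos Space Platform emits.

```python
import re

# Header field names in the order the CEF specification defines them.
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")        # key followed by an unescaped "="
_EXT_ESCAPES = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}


def _split_header(body):
    """Split the seven pipe-terminated header fields; return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER_FIELDS):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            i += 1                               # drop the backslash, keep the literal
            cur.append(body[i])
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError("truncated CEF header")
    return fields, body[i:]


def parse_cef(line):
    """Parse one syslog line carrying a CEF record into a dict."""
    start = line.find("CEF:")                    # skip the syslog prefix, if any
    if start < 0:
        raise ValueError("no CEF record in line")
    fields, ext = _split_header(line[start + len("CEF:"):])
    record = dict(zip(HEADER_FIELDS, fields))
    keys = list(_EXT_KEY.finditer(ext))
    record["extension"] = {}
    for m, nxt in zip(keys, keys[1:] + [None]):  # a value runs up to the next key
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        record["extension"][m.group(1)] = re.sub(
            r"\\([=\\nr])", lambda e: _EXT_ESCAPES[e.group(1)], raw)
    return record


# Constructed sample line; vendor, product and field values are placeholders.
SAMPLE = ("<134>Jan 10 12:00:01 space-node CEF:0|ExampleVendor|ExampleProduct|1.0|"
          "100|Login \\| Logout|3|suser=admin src=192.0.2.10 msg=task\\=login ok")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Escaped pipes in the header and escaped equals signs in extension values are the cases that naive `split("|")` or `split("=")` parsing gets wrong on the receiving server.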
The status of audit log forwarding is displayed by the Audit Logs forwarding failed parameter in the system health report on the Administration page.
When audit log forwarding fails:
The status of the parameter Audit log forwarding failed changes from No to Yes.
Configured e-mail listeners in the Email Listeners list receive e-mail alerts (e-mail alerts are also received when the issue is resolved).
For more information about the status of audit log forwarding, see Viewing the Administration Statistics.
You can perform the following tasks from the Administration > Audit Log Forwarding page of Junos Space Platform:
Testing the System Log Server Connection for Audit Log Forwarding