Junos Space Audit Logs Overview
The Audit Logs workspace of Junos Space Network Management Platform displays the login history of and tasks initiated by a user. Through this workspace, you can track login history, device management tasks, services that were provisioned on devices, and so on. However, tasks that are not initiated by users, such as device-driven activities (for example, resynchronization of network elements), and changes made from the Junos Space CLI are not recorded in audit logs. Audit logs can be used by administrators to review events; for example, to identify which user accounts are associated with an event, to determine the chronological sequence of events—that is, what happened before and during an event, and so on.
Junos Space Platform also tracks all externally-initiated non-READ REST APIs, and login and logout APIs. In addition, if the Record HTTP Get method check box is selected (in the Modify Network Management Platform Settings page), then Junos Space Platform tracks externally-initiated READ APIs.
Administrators can sort and filter audit logs; for example, administrators can use audit log filtering to track the user accounts that were added on a specific date, track configuration changes across a particular type of device, view services that were provisioned on specific devices, monitor user login and logout activities over time, and so on.
To use the audit log service to monitor user requests and track changes initiated by users, you must be assigned the Audit Log Administrator role.
Junos Space Platform enables you to manage the volume of audit
log data stored by purging log files from the Junos Space Platform
database without archiving them or by purging log files after archiving
them. When you archive logs before purging them, the archived log
files are saved in a single file in compressed comma-separated values
(CSV) format (extension
Audit logs can be archived locally (on the active node in the Junos
Space fabric) or to a remote server. When you archive data locally,
the archived log files are saved to the
/var/lib/mysql/archive directory on the active Junos Space node.
You can schedule the purging of audit logs (with or without prior archiving) for a later date and schedule the purging on a recurring basis.
Junos Space Platform also enables you to download audit logs in CSV format so that you can view the audit logs in a separate application or save them on another machine for further use, without purging them from the system.
You can also forward audit logs to a system log server by using one or more audit log forwarding criteria.
Audit log forwarding criteria can be configured and managed from the Audit Log Forwarding page under the Administration workspace. For more information about audit log forwarding, see Audit Log Forwarding in Junos Space Overview.