
    Audit Log Format

    The audit log contains log entries that indicate non-idempotent (state changing) actions performed on WebApp Secure. For example:

    • Configuration additions, changes, deletions, insertions
    • Manual Response deactivations
    • Login attempts and notices
    • Applying license keys
    • User permission violations (attempted actions by users that are not allowed to perform such actions)

    These actions will all be shown in audit.log. This log is a good candidate for regular auditing (hence the name), as it allows administrators to see various changes or other activity that took place on the appliance, along with identifiers that indicate who took the action.

    The format of audit log messages is as follows:

    <date_utc> <hostname> [mws-audit][<log_level>] [<api_key>] <message>

    Field definitions:

    • <api_key>–The key used to perform the action described in the <message>.
    • <message>–The message. Can indicate any of the previously mentioned actions. In the case of logins, an additional field shows the user the person logged in as, as well as the IP they were connecting from.

    Logfile Example:

    Jan 22 16:14:23 my-jwas [mws-audit][INFO] [mykonos] [10.10.0.117] Logged in successfully
    Jan 23 19:16:22 my-jwas [mws-audit][INFO] [ea77722a8516b0d1135abb19b1982852] Deactivate response 1832840420318015488
    Feb 7 20:29:51 my-jwas [mws-audit][INFO] [mykonos] [10.10.0.113] Login failed. Attempt: 1
    Feb 14 19:02:54 my-jwas [mws-audit][INFO][mykonos] Changed configuration parameters: services.spotlight.enabled, services.spotlight.server_address
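
A parser for this format, as an added example that is not part of the original documentation: it reads the four sample entries above, counts failed logins per user and source IP, and lists configuration changes with the key that made them. The names `parse_line` and `review` are hypothetical, and accepting IPv6 in the IP field is an assumption (the page only shows IPv4).

```python
import re
from collections import Counter

# Layout from the page:
#   <date_utc> <hostname> [mws-audit][<log_level>] [<api_key>] <message>
# Login entries carry an extra bracketed source IP before the message.
LINE_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+\[mws-audit\]\[(?P<level>[A-Z]+)\]\s*"
    r"\[(?P<key>[^\]]*)\]\s*"
    # Assumption: the IP may be IPv4 or IPv6 (the page only shows IPv4).
    r"(?:\[(?P<ip>(?=[^\]]*[.:])[0-9A-Fa-f.:]+)\]\s*)?"
    r"(?P<message>.*)$"
)
CONFIG_PREFIX = "Changed configuration parameters:"

# The four entries from the page's logfile example, one per line.
SAMPLE = """\
Jan 22 16:14:23 my-jwas [mws-audit][INFO] [mykonos] [10.10.0.117] Logged in successfully
Jan 23 19:16:22 my-jwas [mws-audit][INFO] [ea77722a8516b0d1135abb19b1982852] Deactivate response 1832840420318015488
Feb 7 20:29:51 my-jwas [mws-audit][INFO] [mykonos] [10.10.0.113] Login failed. Attempt: 1
Feb 14 19:02:54 my-jwas [mws-audit][INFO][mykonos] Changed configuration parameters: services.spotlight.enabled, services.spotlight.server_address
"""

def parse_line(line):
    """Return the entry's fields as a dict, or None if the layout does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def review(text):
    """Count failed logins per (user, ip) and list configuration changes."""
    failed, changes, unparsed = Counter(), [], []
    for line in filter(str.strip, text.splitlines()):
        entry = parse_line(line)
        if entry is None:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        msg = entry["message"]
        if entry["ip"] and msg.startswith("Login failed"):
            failed[(entry["key"], entry["ip"])] += 1
        elif msg.startswith(CONFIG_PREFIX):
            params = [p.strip() for p in msg[len(CONFIG_PREFIX):].split(",")]
            changes.append((entry["date"], entry["key"], params))
    return {"failed_logins": failed, "config_changes": changes, "unparsed": unparsed}

if __name__ == "__main__":
    report = review(SAMPLE)
    for (user, ip), n in report["failed_logins"].items():
        print(f"failed login: user={user} ip={ip} count={n}")
    for date, key, params in report["config_changes"]:
        print(f"config change at {date} by {key}: {', '.join(params)}")
    print(f"unparsed lines: {len(report['unparsed'])}")
```

The timestamps carry no year, so the example keeps them as strings rather than converting them to dates.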

    Published: 2014-06-27