Displaying the Audit Log

The audit log displays Junos Scope authentication and privileged operation events by date and time, event category, event type, username, and client IP address. You can select filters to specify which records you want to see.

To display the Audit Log, follow these steps:

  1. From the Junos Scope main window, click Monitor > Audit Log. The Audit Log Filters dialog box appears.
    Image s001484.gif
  2. Select a filter rule to select the audit log records that you want to view:
    • Limit to number of rows per page drop-down list box—Select how many record rows you want to display per audit log page: 10, 25, 50, or 100. The default is 10.
    • Sort results by column-name drop-down list box—Select the column of data by which the audit log records will be sorted in the table: Time, Username, Client address, Event type, or Message. The default is Time.
    • Refresh Events every interval drop-down list box—Select when the audit log data will be updated in the table: from Never up to 1 hour. The default is Never.
    • Event Category drop-down list box—Select the events category to display: All, Authentication, or Privileged Operations. Authentication activities include user login success, failure, logout, and session timeout. Privileged operations are changes of information in the system or in the network, such as restoring a configuration to a device or changing a user password. The default is All.
    • Event Type drop-down list box—This list box is dynamically populated based on the event category that you selected. For example, if you select the authentication event category, all authentication event message types appear in this drop-down list box.
    • Updated in last time period check box, text box, and drop-down list box—Select the audit log records that have been updated in the last specified length of time. You can select n seconds, minutes, hours, or days, where n represents the time you specify. The default is 0 seconds.
    • Associated with user drop-down list box—Select records that are associated with a specified username.
  3. Click OK. The Audit Log dialog box appears.
    Image s001486.gif

Each audit record includes the date and time, event category, event type, username, and client IP address. The records are initially sorted by time in descending order so that the most recent events are at the top of the list. See Table 17.

Table 17: Audit Log Columns

Column Name

Description

Time

The date and time that the event was logged. The format for date and time is dow mon dd hh:mm:ss zzz yyyy.

Where:

  • dow is the day of the week (Sun, Mon, Tue, Wed, Thu, Fri, Sat).
  • mon is the month (Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec).
  • dd is the day of the month (01 through 31), as two decimal digits.
  • hh is the hour of the day (00 through 23), as two decimal digits.
  • mm is the minute within the hour (00 through 59), as two decimal digits.
  • ss is the second within the minute (00 through 61), as two decimal digits.
  • zzz is the time zone (and may reflect Daylight Saving Time). If time zone information is not available, then zzz is empty; that is, it consists of no characters at all.
  • yyyy is the year, as four decimal digits.

User

The name of the user who performed that action that was logged. The default user is admin.

Client Address

The IP address of the client from which the action occurred.

Event Type

The title of the system log message that is logged.

Message

The description of the system log message that is logged.