Monitoring and Maintaining the Audit Log

This chapter describes how to monitor authentication activity and privileged operation events in the audit log. Junos Scope auditable events are stored in the Junos Scope database and are subsequently sent to the system log server and, if one is configured, to an optional RADIUS accounting server (see Figure 10). This chapter also describes how to purge the audit log table to reclaim disk space on the Junos Scope server after audit log records have accumulated over a period of time.

Figure 10: Junos Scope Security-Enhanced Sensitive Data Logging

Authentication activity events include the following:

Privileged operation events are user actions that change information in the Junos Scope system or in the network. Privileged events include the following:

Each audit record includes the date and time, event category, event type, username, and client IP address.

In addition to being recorded in the internal audit log, audit events are forwarded to the local syslog server and, as RADIUS accounting messages, to the configured RADIUS server (if any).

You must have superuser permission to view the audit log.

This chapter includes the following topic: