Salesforce Security Auditing

The JSA DSM for Salesforce Security Auditing can collect Salesforce Security Auditing audit trail logs that you copy from the cloud to a location that JSA can access.

The following table identifies the specifications for the Salesforce Security Auditing DSM:

Table 1: Salesforce Security Auditing DSM Specifications






Salesforce Security Auditing

RPM file name



Log File

JSA recorded events

Setup Audit Records

Automatically discovered


Includes identity


More information

Salesforce web site (

Salesforce Security Auditing DSM Integration Process

To integrate Salesforce Security Auditing DSM with JSA, use the following procedures:

  1. If automatic updates are not enabled, download the most recent versions of the following RPMs from Juniper Downloads and install them on your JSA Console:

    • Log File Protocol RPM

    • Salesforce Security Auditing RPM

  2. Download the Salesforce audit trail file to a remote host that JSA can access.

  3. For each instance of Salesforce Security Auditing, create a log source on the JSA Console.

Downloading the Salesforce Audit Trail File

To collect Salesforce Security Auditing events, you must download the Salesforce audit trail file to a remote host that JSA can access.

You must use this procedure each time that you want to import an updated set of audit data into JSA. When you download the audit trail file, you can overwrite the previous audit trail CSV file. When JSA retrieves data from the audit trail file, JSA processes only audit records that were not imported before.

  1. Log in to your Salesforce Security Auditing server.

  2. Go to the Setup section.

  3. Click Security Controls.

  4. Click View Setup Audit Trail.

  5. Click Download setup audit trail for last six months (Excel.csv file).

  6. Copy the downloaded file to a location that JSA can reach by using Log File Protocol.

Log File Log Source Parameters for Salesforce Security Auditing

If JSA does not automatically detect the log source, add a Salesforce Security Auditing log source on the JSA Console by using the Log File protocol.

When you use the Log File protocol, you must use specific parameters.

The following table describes the parameters that require specific values to collect Log File events from Salesforce Security Auditing:

Table 2: Log File log source parameters for the Salesforce Security Auditing DSM



| Parameter | Value |
|---|---|
| Log Source type | Salesforce Security Auditing |
| Protocol Configuration | Log File |
| Event Generator | RegEx Based Multiline |
| Start Pattern | (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} \w+) |
| End Pattern | Ensure that this parameter remains empty. |
| Date Time RegEx | (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} \w+) |
| Date Time Format | dd/MM/yyyy hh:mm:ss z |
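
A pre-ingestion check for the downloaded CSV, using the Start Pattern and Date Time Format from Table 2 (an added example, not part of the Juniper documentation). The line-grouping model, the strict date parsing, and the sample rows are assumptions; the sample is constructed and is not real Salesforce output.

```python
import re
from datetime import datetime

# Start Pattern / Date Time RegEx exactly as given in Table 2.
START = re.compile(r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} \w+)")

def group_events(lines):
    """A line matching START opens a new event; other lines are treated as
    continuations of the previous one (simplified model, an assumption)."""
    events, orphans = [], []
    for line in lines:
        if START.search(line):
            events.append([line])
        elif events:
            events[-1].append(line)
        elif line.strip():
            orphans.append(line)  # text before the first match, e.g. a header row
    return events, orphans

def parse_timestamp(event):
    """Parse the event's timestamp strictly as dd/MM/yyyy hh:mm:ss z."""
    stamp = START.search(event[0]).group(1)
    clock, zone = stamp.rsplit(" ", 1)
    try:
        # %I mirrors the 12-hour 'hh' field; the zone word is kept as text.
        return datetime.strptime(clock, "%d/%m/%Y %I:%M:%S"), zone
    except ValueError:
        return None, zone

def audit(lines):
    """Summarise how the file lines up with the Table 2 parameters."""
    events, orphans = group_events(lines)
    bad = [e[0] for e in events if parse_timestamp(e)[0] is None]
    return {"events": len(events), "orphans": len(orphans), "unparsed": bad}

# Constructed sample rows (hypothetical users and actions).
SAMPLE = '''"Date","User","Action","Section"
"14/03/2014 10:23:45 PDT","admin@example.com","Changed profile Sales:
 enabled API access","Manage Users"
"3/14/2014 11:02:10 PDT","admin@example.com","Reset password for jdoe","Manage Users"
"15/03/2014 16:40:00 PDT","ops@example.com","Created permission set","Manage Users"
'''.splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Rows listed under `unparsed` match the Start Pattern but do not fit the configured Date Time Format when read strictly (here a month-first date and a 24-hour time), so their event times are worth spot-checking in JSA after import.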