Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Viewing the JSA Risk Manager Log File

SUMMARY Audit logs, which are stored in plain text, are archived and compressed when the audit log file reaches a size of 200 MB.

The current log file is named audit.log. If the audit log file reaches a size of 200 MB a second time, the file is compressed and the old audit log is renamed as audit.1.gz. The file number increments each time a log file is archived. JSA Risk Manager can store up to 50 archived log files.

The maximum size of any audit message (not including date, time, and hostname) is 1024 characters.

Each entry in the log file displays by using the following format.

The following table describes the parameters that are used in the log file.

Table 1: Viewing Audit Log File Information
Parameter Description
<date_time> The date and time of the activity in the format: Month Date HH:MM:SS.
<host name> The hostname of the Console where this activity was logged.
<user> The name of the user that completed the action.
<IP address> The IP address of the user that completed the action.
(thread ID) The identifier of the Java thread that logged this activity.
<category> The high-level category of this activity.
<sub-category> The low-level category of this activity.
<action> The activity that occurred.
<payload> The complete record that changed, if any.
  1. Using SSH, log in to your JSA Console as the root user.
  2. Using SSH from the JSA Console, log in to the JSA Risk Manager appliance as a root user.
  3. Go to the following directory: /var/log/audit.
  4. Open your audit log file.