Managing Audit Files
- 31 Dec 2024
- 4 Minutes à lire
- SombreLumière
- PDF
Managing Audit Files
- Mis à jour le 31 Dec 2024
- 4 Minutes à lire
- SombreLumière
- PDF
The content is currently unavailable in French. You are viewing the default English version.
Résumé de l’article
Avez-vous trouvé ce résumé utile ?
Merci pour vos commentaires
Individual audit records can be viewed in the live audit viewer, and filtered and exported using the OneSpan Authentication Server Appliance Configuration Tool.
Events generated by the OneSpan Authentication Server component for auditing are stored in the internal database. They are moved to an audit database on a monthly basis or until a maximum audit data size limit of 500 MB is reached. When this limit is exceeded, new audit data is stored in a new database part.
Parts of the database can be downloaded and deleted via the OneSpan Authentication Server Appliance Configuration Tool. Downloading is the same as the exporting, but uses a format compatible with OneSpan Authentication Server.
.png?sv=2022-11-02&spr=https&st=2025-01-23T16%3A20%3A03Z&se=2025-01-23T16%3A30%3A03Z&sr=c&sp=r&sig=fnauXIZXISqO0GB9CElJkSTM538D2pB2UIn%2BTPQqeYU%3D)
Viewing audit files
To view and filter audit files
- Launch the OneSpan Authentication Server Appliance Configuration Tool and enter your credentials (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
- Navigate to Monitoring > Audit Logs.
If required, you can filter by using simple or advanced filters:.
To use the simple filter, type the characters to be searched for in the message part of the audit message in the Filter box. Only lines with content that matches the filter entry will be listed. To clear the filter, click X.
To use the advanced filter, click the arrow to the right of the Filter box to open the Advanced Filter dialog (see Figure: Advanced audit filter fields). For more information about searching using the filter fields, see Table: Audit filter fields.
Figure: Using the advanced filter
| Type | Description |
|---|---|
| Start Date | Only records after the date specified are displayed. |
| End Date | Records up to and including the entered date are displayed. |
| Type is | Only audit messages of the selected type are displayed (see Send Audit Messages to Syslog). |
| Source contains | This field is only relevant if you have a replication setup (see Configuring replication). Only records generated from this server are displayed. |
| Category contains | Only records with a category matching the category entered in this field are displayed. |
| Code contains | Only records with a matching error code are displayed. For a list of possible error codes, refer to the OneSpan Authentication Server Appliance Administrator Reference. |
| Host contains | Only records with a matching IP address are displayed. |
| Hostname contains | Only records with a matching host name are displayed. |
| Description contains | Only records with a matching string in the Description field are displayed. |
| Field ... contains | Select a field in the drop-down list and enter the matching string to be searched for. Only matching records are displayed. |
It is only possible to access the advanced filter when the simple filter is cleared. To clear the simple filter, click the X icon next to the Filter box.
Exporting and downloading auditing information
Exporting auditing information can be useful in the following cases:
- One reporting system is used for all servers on a network.
- Auditing information needs to be kept for a long time.
You can use filters to define which data should be exported.
To export audit files
- Launch the OneSpan Authentication Server Appliance Configuration Tool and enter your credentials (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
- Navigate to Monitoring > Audit Logs.
- Click Export. The Export Log dialog opens (see Figure: Exporting audit files). Fields are explained in Table: Audit export fields.
| Type | Description |
|---|---|
| Start date | Only records after the date specified are exported. |
| End date | Records up to and including the entered date are exported. |
| Source | This field is only relevant if you have a replication setup (see Configuring replication). Only records generated from this server are exported. |
| Category | Only records with a category matching the category entered in this field are exported. |
| Host | Audit records can be exported for all servers, or the local host only. |
| Output Format | This is the data output format to use:
|
Although it is still called CSV format, the CSV option creates an export file that uses tab characters as the separator, not a comma!
To download audit files
- Launch the OneSpan Authentication Server Appliance Configuration Tool and enter your credentials (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
- Navigate to Monitoring > Log File Management and click Databases. Available audit files will be listed below.
Click the download icon to the right of an available audit file to download it.
Downloading audit data is the same as exporting and uses the OneSpan Authentication Server–compatible format.
It is not possible to remove database partitions manually. However, you can set up log files to be deleted automatically.
To configure automatic deletion of audit files
- Launch the OneSpan Authentication Server Appliance Configuration Tool and enter your credentials (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
- Navigate to Settings > Logging and Auditing.
- Select Delete audit logs and specify how long you want to keep audit logs.
Cet article vous a-t-il été utile ?