logo.gif MCU 4210
host: mcu_febras

Working with the audit logs

The audit log records any user action on the MCU which might compromise the security of the unit, of its functions, or of the network.

By enabling auditing, all network settings, conference settings, security settings, creation/deletion of conferences, and any changes to the audit log itself are logged on the MCU.

All relevant actions on the MCU are logged, including those made through the serial console, a supervisor blade (for MSE blades), the API, FTP, and the web interface. The module that has caused a log is listed within the details of that log and will be one of:

Each log also has a severity associated with it (Error, Severe Warning, Warning, Info, or Status Warning).

You must enable the audit log for it to record these actions.

To enable and view the audit log, go to Logs and select the Audit log tab.

Audit log

The last 2000 audit messages generated by the MCU are displayed in the Audit log page.

The last 100,000 audit messages are stored on the compact flash if there is one; otherwise, the last 100,000 audit messages are stored internally. You can only view the last 2000 through the web interface, but you can download all stored audit messages (up to the 100,000) as XML.

You can delete audit messages, but you cannot delete the most recent 400 audit messages. If you delete any audit messages, that will be audited in a new audit message.

You cannot send the audit log to a syslog server.

Related topics