Audit and event logging


#1

We’ve added enhanced logging to address the need to audit actions and changes to the configuration and data within the IQ Server.

Typical questions that can be answered by consulting the audit log:

  • who made what change, and when
  • who knows what, who had access to what information

These features were delivered over several releases, with IQ Server release 58 being the last installment. Refer to the Audit Log help page for configuration instructions and field definitions.

Reply to this topic with your uses cases and enhancements.


#2

Hi Jamie!
Can you please advise the way to customize audit event format?
For example I need to remove User-agent information and add internal IP of Nexus IQ.
Is it possible to achive through “logFormat” option?


#3

Hi,

I’m sorry but there is currently no way to customize the fields included in the audit events.

Best I can suggest is to post-process the log file, e.g.
sed 's/,"userAgent":"[^"]*"//' audit.log
will strip out the userAgent field.


#4

Hi! Thank you for explanation. Will try to post-process logs or play with log source identification.