Audit and event logging

jwhitehouse · January 14, 2019, 6:53pm

We’ve added enhanced logging to address the need to audit actions and changes to the configuration and data within the IQ Server.

Typical questions that can be answered by consulting the audit log:

who made what change, and when
who knows what, who had access to what information

These features were delivered over several releases, with IQ Server release 58 being the last installment. Refer to the Audit Log help page for configuration instructions and field definitions.

Reply to this topic with your uses cases and enhancements.

abasharin · January 29, 2019, 9:22pm

Hi Jamie!
Can you please advise the way to customize audit event format?
For example I need to remove User-agent information and add internal IP of Nexus IQ.
Is it possible to achive through “logFormat” option?

bentmann · January 30, 2019, 1:32pm

Hi,

I’m sorry but there is currently no way to customize the fields included in the audit events.

Best I can suggest is to post-process the log file, e.g.
sed 's/,"userAgent":"[^"]*"//' audit.log
will strip out the userAgent field.

abasharin · January 30, 2019, 7:27pm

Hi! Thank you for explanation. Will try to post-process logs or play with log source identification.