Auditing

Audit Log

Each event that is triggered by an action (user based or automatically) is recorded by the system and is visible in the Audit log. This feature allows Administrators to track events and data transfers on the system. Only users with the administrator role are able to view the Audit log.

The time, event details, user, source and status of the action are listed. You can filter the events by entering text in the search box and also sort based on column headers.

Export Audit Log

You can export the audit data in a CSV (comma separated values) file. This can be loaded in any 3rd party application, or saved in another internal database.

Retention and Syslog integration

In order to change audit settings please go to Audit page and click the Settings button in the top right.

This field allows you to configure a retention period for audit events(10-1100 days). Any events older than the specified period of time will be automatically removed.

Syslog integration settings

Enabling this integration will instruct Vault to send any audit event to the configured Syslog server.

Please note that only UDP protocol is supported for now. Because of this, Vault will not be able to validate the connection to the Syslog server. A test message will be sent if the configuration was successful.

The following settings are available for configuration:

SettingDescriptionDefault value
FacilityThe type associated with Vault eventsUser Level Messages
Log levelDetermines which messages get sent to the Syslog server, it filters out any message less important than the one selectedInformation
Server addressThe address of the server where the Syslog is located0.0.0.0
Server portThe open port on the Syslog server for accepting messages514
LanguageThe language to use for logging messagesEnglish
TimezoneTimezone recorded at the sending log time(UTC) Coordinated Universal Time
Output formatIt is possible to choose between Standard or CEF formatStandard

CEF Message Format

Base Format: Date Host CEF:Version|Device Vendor|Device Product|Device Version|Device Event Class ID|Name|Severity|[Extension] Example: 2020-01-16T08:45:47Z LE10-L3174 CEF:0|OPSWAT|VAULT|1.0.0.0|1|Logon|6|requestClientApplication=127.0.0.1 deviceAction=Logon outcome=Success msg=Username logged on.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard