Audit Logs

Let us learn about audit logs in Prisma SD-WAN.
Audit
logs are available through the Prisma SD-WAN web interface and provide records of administrators' configuration changes in a system. You can use these logs for compliance and troubleshooting purposes. They provide logs on changes made, owner of the change, time of change, and the scope of the change at a site, system, or a subset of sites.
You may filter the audit logs by time range with the capability to go back in time by at least six months, by site, device, and type such as security, network policy, system administration, and users. The
Audit
logs provide details on the number of attempted logins to an enterprise portal by a specific user from a particular IP address with information on all successful and failed attempts. Users will have a view of all system changes and access attempts.
Audit logs auto-expire after two years, although the last two actions carried out on any resource are kept forever. They are accessible to the ROOT, SUPER, and IAM ADMIN user roles. Custom roles with GET and POST permissions for the audit log resource may access these logs.
Audit logs support Regex queries and compare versions by rewinding or fast-forwarding to earlier or later versions and keeping a version static while changing the other version. You can access the audit logs from the
System Administration
tab on the Prisma SD-WAN web interface as well as directly from resources, such as sites, devices, SNMP traps, Syslog exports, NTP clients, server, BGP, static route, interface configuration, policy rule, policy set, stacked policy prefix, custom application, application override configuration, network contexts, circuit categories, IPSec profiles, Policies (Original), zones, and prefix filters. You can export audit logs CSV files through the
Audit
log menu.

Recommended For You