Work with Audit Logs
Let us learn to work with audit logs.
Use Audit Log to access the audit logs, filter
the query parameters, compare different versions of the logs, and
view audit logs for error scenarios.
- Select Manage > System > Audit Logs. You can also access audit logs for a resource by clicking on a resource or selecting Audit Logs from the ellipsis menu.
- Use the filter criteria to narrow down the audit logs search. Enter values in any of the filter fields and click Query. You can enter partial text or a regular expression (Regex) for fields marked with a *. Filters can be set for a field by entering values or selecting an option from the drop-down. The following table describes the query parameters:

Field Name | Description |
---|---|
Resource Key | Identifies the resource for querying. The resource key is inside square brackets with the event name outside the brackets. For example, select Devices [elements] to filter operations on devices. |
Resource ID | Uses the ID of the resource. |
Type | Uses the type of operation for filtering. You can select either GET, POST, PUT, PATCH or DELETE. |
Status | Uses the status of the operation for filtering. For example, a 200 in the Status field will filter actions with the Status Code 200 or successfully carried out actions. |
Resource Ver | Uses the resource version for filtering. The resource version is updated whenever you perform an operation on the resource. |
URI Ver | Uses the API version of the resource for filtering. |
URI | Uses the request URI for filtering. The complete URI needs to be entered. For example, /v2.0/api/login |
Session Key | Uses the session tag of the operator performing the operations on the resource. |
Source IP | Uses the client IP address for filtering. |
Operator ID | Sets the filter based on the operator performing the operations on the resource. |
Start Date | Sets the filter based on a start date selected from the calendar drop-down. Start date corresponds to the time of the request. Records are filtered between the start date and the end date. |
End Date | Sets the filter based on an end date selected from the calendar drop-down. End date corresponds to the time of the response. Records are filtered between the start date and the end date. |

- Compare the audit log versions. Choose versions to compare by clicking the back and forward icons under Response Compared. The responses compared display changes between versions in different colors. You can also compare audit versions at the resource. Click the resource icon or select Audit Log from the ellipsis menu and then click the Compare icon.
- View the audit logs by clicking the Audit Log Record for details on bad requests or requests with response status 400.
- Audit logs support nested IDs, which when clicked, provide access to a specific resource. To return to the resources screen, click the breadcrumb navigation on the Compare Audit Log Versions screen.
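The filter behavior described above, applied offline to a small set of records for review. This is an added example, not product code: the record key names, the choice of which fields accept partial text or a regex, and every URI other than /v2.0/api/login are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample records. Key names mirror the filter fields in the table
# above and are assumptions, not the product's export schema.
RECORDS = [
    {"type": "POST", "status": 200, "uri": "/v2.0/api/login", "source_ip": "198.51.100.7",
     "operator_id": "op-alice", "request_ts": "2024-03-01T09:00:00", "response_ts": "2024-03-01T09:00:01"},
    {"type": "PUT", "status": 400, "uri": "/v2.0/api/example/1", "source_ip": "203.0.113.9",
     "operator_id": "op-bob", "request_ts": "2024-03-01T09:05:00", "response_ts": "2024-03-01T09:05:01"},
    {"type": "PUT", "status": 400, "uri": "/v2.0/api/example/1", "source_ip": "203.0.113.9",
     "operator_id": "op-bob", "request_ts": "2024-03-01T09:06:00", "response_ts": "2024-03-01T09:06:02"},
    {"type": "DELETE", "status": 200, "uri": "/v2.0/api/example/2", "source_ip": "203.0.113.9",
     "operator_id": "op-bob", "request_ts": "2024-03-02T23:59:59", "response_ts": "2024-03-03T00:00:01"},
]

# Assumption: the fields treated here as "*" fields (partial text or regex).
# URI is deliberately excluded because the complete URI must be entered.
REGEX_FIELDS = {"source_ip", "operator_id"}


def query(records, start=None, end=None, **filters):
    """Return records matching every filter and lying inside the date window."""
    hits = []
    for rec in records:
        # Start Date is compared to the request time, End Date to the response time.
        if start and datetime.fromisoformat(rec["request_ts"]) < start:
            continue
        if end and datetime.fromisoformat(rec["response_ts"]) > end:
            continue
        for field, want in filters.items():
            if field in REGEX_FIELDS:
                if not re.search(want, rec[field]):
                    break
            elif rec[field] != want:  # exact match: type, status, uri
                break
        else:
            hits.append(rec)
    return hits


def bad_requests_by_client(records):
    """Count status-400 records per (operator, source IP) for review."""
    return Counter((r["operator_id"], r["source_ip"]) for r in query(records, status=400))
```

A request that starts before the End Date but whose response arrives after it falls outside the window, which matters when reviewing activity close to a cut-off time.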