Work with Audit Logs
Table of Contents
Expand all | Collapse all
-
-
- Add a Branch
- Add a Data Center
- Add a Branch Gateway
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Loopback Interface
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Configure Branch HA in a Hybrid Topology with Gen-1 (3000) and Gen-2 (3200) Platforms
- Prisma SD-WAN Incidents and Alerts
Work with Audit Logs
Let us learn to work with audit logs.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Use Audit Log to access the audit logs, filter
the query parameters, compare different versions of the logs, and
view audit logs for error scenarios.
- Select ManageSystemAudit Logs.You can also access audit logs for a resource by clicking on a resource or selecting Audit Logs from the ellipsis menu.Use the filter criteria to narrow down the audit logs search.Enter values in any of the filter fields and click Query. You can enter partial text or a regular expression (Regex) for fields marked with a *. Filters can be set for a field by entering values or selecting an option from the drop-down. The following table describes the query parameters:
Field Name Description Resource Key Identifies the resource for querying. The resource key is inside square brackets with the event name outside the brackets. For example, select Devices [elements] to filter operations on devices.Resource ID Uses the ID of the resource.Type Uses the type of operation for filtering. You can select either GET, POST, PUT, PATCH or DELETE.Status Uses the status of the operation for filtering. For example, a 200 in the Status field will filter actions with the Status Code 200 or successfully carried out actions.Resource Ver Uses the resource version for filtering. The resource version is updated whenever you perform an operation on the resource.URI Ver Uses the API version of the resource for filtering.URI Uses the request URI for filtering. The complete URI needs to be entered. For example, /v2.0/api/loginSession Key Uses the session tag of the operator performing the operations on the resource.Source IP Uses the client IP address for filtering.Operator ID Sets the filter based on the operator performing the operations on the resource.Start Date Sets the filter based on a start date selected from the calendar drop-down. Start date corresponds to the time of the request. Records are filtered between the start date and the end date.End Date Sets the filter based on an end date selected from the calendar drop-down. End date corresponds to the time of the response. Records are filtered between the start date and the end date.Compare the audit log versions.Choose versions to compare by clicking the back and forward icons under Response Compared. The responses compared display changes between versions in different colors.You can also compare audit versions at the resource. Click the resource icon or select Audit Log from the ellipsis menu and then click the Compare icon.View the audit logs by clicking the Audit Log Record for details on bad requests or requests with response status 400.Audit logs support nested IDs, which when clicked, provide access to a specific resource. To return to the resources screen, click the breadcrumb navigation on the Compare Audit Log Versions screen.