Work with Audit Logs

Let us learn to work with audit logs.
Use Audit Log to access the audit logs, filter the query parameters, compare different versions of the logs, and view audit logs for error scenarios.
  1. Login to the Prisma SD-WAN web interface.
  2. Navigate to
    System Administration
    Audit Log
    .
    You can also access audit logs for a resource by clicking on a resource or selecting
    Audit Log
    from the ellipsis menu.
  3. Use the filter criteria to narrow down the audit logs search.
    Enter values in any of the filter fields and click
    Query
    . You can enter partial text or a regular expression (Regex) for fields marked with a *. Filters can be set for a field by entering values or selecting an option from the drop-down. The following table describes the query parameters:
    Field Name
    Description
    Resource Key
    Identifies the resource for querying. The resource key is inside square brackets with the event name outside the brackets. For example, select Devices [elements] to filter operations on devices.
    Resource ID
    Uses the ID of the resource.
    Type
    Uses the type of operation for filtering. You can select either GET, POST, PUT, PATCH or DELETE.
    Status
    Uses the status of the operation for filtering. For example, a
    200
    in the
    Status
    field will filter actions with the Status Code 200 or successfully carried out actions.
    Resource Ver
    Uses the resource version for filtering. The resource version is updated whenever you perform an operation on the resource.
    URI Ver
    Uses the API version of the resource for filtering.
    URI
    Uses the request URI for filtering. The complete URI needs to be entered. For example, /v2.0/api/login
    Session Key
    Uses the session tag of the operator performing the operations on the resource.
    Source IP
    Uses the client IP address for filtering.
    Operator ID
    Sets the filter based on the operator performing the operations on the resource.
    Start Date
    Sets the filter based on a start date selected from the calendar drop-down. Start date corresponds to the time of the request. Records are filtered between the start date and the end date.
    End Date
    Sets the filter based on an end date selected from the calendar drop-down. End date corresponds to the time of the response. Records are filtered between the start date and the end date.
  4. Compare
    the audit log versions.
    Choose versions to compare by clicking the back and forward icons under
    Response Compared
    . The responses compared display changes between versions in different colors.
    You can also compare audit versions at the resource. Click the resource icon or select
    Audit Log
    from the ellipsis menu and then click the
    Compare
    icon.
  5. View the audit logs by clicking the
    Audit Log Record
    for details on bad requests or requests with response status 400.
    Audit logs support nested IDs, which when clicked, provide access to a specific resource. To return to the resources screen, click the breadcrumb navigation on the
    Compare Audit Log Versions
    screen.

Recommended For You