The Audit Log (Settings icon > User Admin > Audit Log) lists all actions taken by user accounts that result in changes to NetMRI or any of the data sets the account manages. Log entries include the timestamp in which the action was taken, the User name, a description of the action, and field change details when applicable.
Log entries are initially ordered by time, with the most recent at the top of the list. The table can be reordered, for example, to consolidate a particular user's actions. Alternatively, use quick searching to isolate specific log entries.
Managing User Audit Logs for SSH Connection Attempts to Devices
To track what NetMRI or its users are doing on the network, you can also view the audit logs for all events in which NetMRI or its users attempt to use SSH or Telnet sessions to network devices. The amount of data collected for such events can substantially impact the size of the collected event database, so you can switch this feature on and off when needed and change the duration of these events being held in the database. Connection events that are covered by this log category include SSH/Telnet connections for Config Collection, Credential Collection, terminal emulation, and Job Engine Run connections.
Before, when a user logged in, the Audit Log page did not show the details of external API requests. However, events related to external API requests can now also be logged on the Audit Log page.
The Audit Log page has been enhanced. When a user logs in, the page will show not only the events and records for each external API request entry but also the following information:
Timestamp: The date and time an event (that is, an API request) occurred.
User Name: The name of the account used to access the API endpoints.
Event Type: The event type–related message, displayed as API Request. All API requests will contain the same message.
IP Address: The source address of the user, or the address from which external API requests are made.
Message: The API path recorded based on the external API requests. When an external API request is made, the request-specific API path will be shown.
To view and change these settings, go to the Settings icon > General Settings > Advanced Settings > Notification category > Log All CLI Sessions. The default value is On. You can also choose the No Commands Logged option, which retains the session events but prevents any sensitive CLI data from being recorded.
An associated Advanced Setting, Prune CLI Session Duration, enables you to regularly prune the amount of CLI session data by setting the retention time for keeping that data in the Device Audit Log. The default setting is 7 days.