In the RSA Security Analytics Administration System view Global Audit Logging Configurations panel, you can create multiple global audit logging configurations. These configurations are used to forward global audit logs to a central location to perform user audits.
Procedures related to global audit logging are described in Configure Global Audit Logging.
To access the Add New Configuration dialog:
- In the Security Analytics menu, select Administration > System.
- In the options panel, select Global Auditing.
- In the Global Audit Logging Configurations panel, click .
The Add New Configuration dialog is displayed.
The Notifications section enables you to select a syslog notification server for the global audit logging configuration and a template to use for the global audit logs. The template defines the details of the global audit log entries.
The following table describes the features in the Add New Configuration and Edit Configuration dialogs.
User Actions Logged
The following table provides examples of some of the user actions logged from Security Analytics. These actions are the minimum user actions logged when applicable.
For lists of message type being logged by the various Security Analytics components, see Global Audit Logging Operation Reference.