In the Global Audit Logging Configurations panel (Admin > System > Global Auditing), you configure global audit logging by adding configurations that define how global audit logs are forwarded to external syslog systems. Global audit logs are forwarded to the selected Notification Server in your global audit logging configuration using the selected Notification Template.
Global Audit Logging provides auditors with consolidated visibility into user activities within NetWitness Suite in real-time from one centralized location.
This workflow shows the necessary procedures to configure and verify Global Audit Logging.
Before you can define a Global Audit Logging configuration, you need to create a Syslog Notification Server on the Global Notifications > Server tab. The Syslog Notification Server is the destination that receives the global audit logs. Next, you need to select or define an Audit Logging template on the Global Notifications > Templates tab. The Audit Logging template defines the format and message fields of the audit logs sent to the Log Decoder or third-party syslog server. If you are consuming with a Log Decoder, deploy the Common Event Format parser to your Log Decoder from Live.
After you add a Global Audit Logging configuration here, audit logs are forwarded to the selected Notification Server in the configuration. Verify your audit logs to ensure that they show the audit events as defined in your audit logging template.
- Troubleshoot Global Audit Logging
- Add New Configuration Dialog
- Supported CEF Meta Keys
- Supported Global Audit Logging Meta Key Variables
- Global Audit Logging Operation Reference
- Local Audit Log Locations
The following example illustrates a Global Audit Logging configuration. The configuration defines how NetWitness Suite forwards global audit logs to external syslog systems.
|1||Displays the Global Audit Logging Configurations panel.|
|2||Name that identifies the Global Audit Logging configuration.|
|3||Notification Server assigned to the Global Audit Logging configuration.|
|4||Notification Template assigned to the Global Audit Logging configuration.|
|5||Displays the Global Notifications panel where you set up Servers and Templates required to configure a Global Audit Logging configuration.|
The following table describes the toolbar actions
The following table describes the listed configurations.