In the RSA NetWitness® Platform Administration System view Global Audit Logging Configurations panel, you can create multiple global audit logging configurations. These configurations are used to forward global audit logs to a central location to perform user audits.
Procedures related to global audit logging are described in Configure Global Audit Logging.
To access the Add New Configuration dialog:
- Go to select ADMIN > System.
- In the options panel, select Global Auditing.
The Add New Configuration dialog is displayed.
The Notifications section enables you to select a syslog notification server for the global audit logging configuration and a template to use for the global audit logs. The template defines the details of the global audit log entries.
The following table describes the features in the Add New Configuration and Edit Configuration dialogs.
User Actions Logged
The following table provides examples of some of the user actions logged from NetWitness Platform. These actions are the minimum user actions logged when applicable.
The following table shows examples of internal audit logs logged from NetWitness Platform
The following table shows examples of Global Audit Logs using the default Common Event Format (CEF) template. After you create a Global Audit Logging configuration, audit logs automatically go to the external syslog system in the format specified in the selected Audit Logging template.
The following table shows examples of global audit logs using the default human-readable format template on a third-party syslog server.
For lists of message type being logged by the various NetWitness Platform components, see Global Audit Logging Operation Reference.