Log Types

The VOSS-4-UC system can log records of certain types, that can be logged locally or remotely. The log types contain events or transactions that originate from the:

• User interface
• API
• Command Line Interface (CLI)
• System activity (for example database connections)

The minimum specifications of the remote system for audit and event logs are:

• 2 VCPU’s
• 80 GB HDD
• 2GB RAM

Log types:

1. Audit

   Important

   The available types of audit logs are determined by the audit log rule set that is active - see: Audit Log Rule Sets

   The details below show details on the contents of types of audit logs.

   • On the Admin Portal and Self-Service Portal GUI and API:

     • login and logout attempts (successful and unsuccessful) and session login time, logout time and expire events using any of the authentication methods:

       • SSO
       • LDAP
       • VOSS-4-UC

       Expired sessions will only be logged at 5 minute intervals.

     • User account creations, modifications, disabling, and termination events. This means all create, update, delete operations on the data/User data model.

       User modifications include user move operations from one hierarchy to another.

       In particular, operations on the list of VOSS-4-UC models or attributes below, for: add, modify and delete.

       • data/Role
       • data/AccessProfile
       • data/User.role
       • data/CredentialPolicy

       Note that these operations on any created models that refer to these core models are not logged.

   • On the Command Line Interface (CLI):

     • login and logout attempts (successful and unsuccessful) and session login time, logout time and expire events; and also including:

       • root shell login and logout using the nrs script
       • ssh
       • scp
       • sftp

     • All root shell CLI commands are logged.

     • All CLI commands are logged. The audit log will show “CLI” or “Cluster” depending on how command was run.

       For the creation of schedules (using schedule), these are logged, but the scheduled commands are not logged when they execute.

       This includes for example user account creations, modifications, disabling, and termination events commands from the CLI:

       • user add
       • user del
       • user grant
       • user revoke
       • user list
       • voss unlock_sysadmin_account
       • See: Audit Log Format and Details

2. Event

   • All transactions, sub-transactions as well as their details as seen when viewing the Transaction Log in the GUI.

     Note that the detailed logs are not recorded. In other words, the rows of entries under the Logs table of a transaction as seen in the GUI under Administration Tools > Transaction are not shown in the event log, since the primary purpose of the log is auditing: “who did what”.

   • See Event Log Format and Details