Audit Trail

AAHC generates audit records for login attempts, configuration, and search history. It forwards the audit logs to a remote Syslog server. The Syslog server can be a Logpoint instance or any other log receiving service.

Adding the AAHC Server in Logpoint

  1. Log in to Logpoint with your credentials.

  2. Go to Settings >> Configuration >> Devices.

  3. Click Add.

  4. Enter a Name for the device.

  5. Enter the IP address(es) of the AAHC server.

  6. Enter the Device Groups, Log Collection Policy, Distributed Collector, and Time Zone.

  7. Define the risk values of the device in terms of Confidentiality, Integrity, and Availability.

  8. Click Save.

    Figure: Create a device

  9. Go to the Available Collectors Fetchers panel and click Syslog Collector.

  10. Add the Syslog Collector to the device.

    Figure: Configure the Syslog collector

Make sure you apply _logpoint as the normalization policy to correctly normalize the audit logs.

Viewing the AAHC Audit Logs

Go to Search in Logpoint and enter the following search query:

"action" = "LogpointWebApp-AAHC"

Figure: View audit logs

