Skip to main content
SANtricity 11.8

Define audit log policies

Contributors

You can change the overwrite policy and the types of events recorded in the audit log.

Before you begin

You must be logged in with a user profile that includes Security admin permissions. Otherwise, the Access Management functions do not appear.

About this task

This task describes how to change the audit log settings, which include the policy for overwriting old events and the policy for recording event types.

Steps
  1. Select Settings  Access Management.

  2. Select the Audit Log tab.

  3. Select View/Edit Settings.

    The Audit Log Settings dialog box opens.

  4. Change the overwrite policy or types of events recorded.

    Field details
    Setting Description

    Overwrite policy

    Determines the policy for overwriting old events when the maximum capacity is reached:

    • Allow the oldest events in the audit log to be overwritten when the audit log is full — Overwrites the old events when the audit log reaches 50,000 records.

    • Require audit log events to be manually deleted — Specifies that events will not be automatically deleted; instead, a threshold warning appears at the set percentage. Events must be deleted manually.

      Note If the overwrite policy is disabled and the audit log entries reach the maximum limit, access to System Manager is denied to users without Security Admin permissions. To restore system access to users without Security Admin permissions, a user assigned to the Security Admin role must delete the old event records.
      Note Overwrite policies do not apply if a syslog server is configured for archiving audit logs.

    Level of actions to be logged

    Determines types of events to be logged:

    • Record modification events only — Shows only the events where a user action involves making a change in the system.

    • Record all modification and read-only events — Shows all events, including a user action that involves reading or downloading information.

  5. Click Save.