Querying audit logs, Basic query – H3C Technologies H3C Intelligent Management Center User Manual
Page 125
116
{
CLI—Command executed by the device user.
{
Audit Type—Type of the audit. Options are:
−
Start—The log was generated when a user successfully logged in to a device.
−
End—The log was generated when a user logged off a device.
−
Update—The log was generated when TAM received a watchdog packet periodically sent
by an online user to declare that the user is still online.
−
Enter Command At CLI—The log was generated when a user executed a command at the
CLI.
−
Clear Online Data—The log was generated when an operator manually cleared online user
information.
−
Age Online Data—The log was generated when TAM periodically cleared aged online
users according to the Aging Time specified in the system parameter configuration.
{
Audit Time—Date and time when the audit was performed, in the format YYYY-MM-DD
hh:mm:ss.
{
Device IP—IP address of the device to which the device user logs in.
{
Details—To view the details, click the Details icon for an audit log.
Querying audit logs
TAM provides basic query and advanced query for audit logs. Basic query criteria include several key
parameters for quick search. Advanced query offers various query criteria for precise match.
Basic query
To perform a basic query:
1.
Click the User tab.
2.
On the navigation tree, select Device User > Log Management > Audit Logs.
The Audit Log list displays all audit logs.
3.
On the upper-right side of the Query Audit Logs area, click the Basic Query link.
You can perform a basic query if you see Advanced Query on the upper right side of the Query
Audit Logs area.
4.
Enter or select one or more of the following query criteria:
{
Account Name—Enter a partial or complete account name of the device user.
{
Audit Type—Select an audit type from the list. Options are:
−
Start
−
Update
−
End
−
Enter Command At CLI
−
Clear Online Data
−
Age Online Data
{
Audit Time From/To—Enter an audit time range for a device user, in the format YYYY-MM-DD
hh:mm.
Select an audit time range.