Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

Audit Logs in Gaia?

Hi guys Smiley Happy Is there a way how we can check changes done through gaia from Management Audit Logs? Thanks in advance

Senior Information Security Engineer
Labels (1)
0 Kudos
Reply
4 Replies
Highlighted
Champion
Champion

0 Kudos
Reply
Highlighted

Or CLI alternative in case webUI is disabled, or not allowed:

hostname> set syslog mgmtauditlogs on

hostname> set syslog auditlog permanent

More info in this article:

How to export syslog messages from Gaia Security Gateway to a Log Server and view them in SmartView ... 

Kind regards,
Jozko Mrkvicka
Highlighted
Champion
Champion

Within Gaia's expert mode you can easily look for changes within audit log with this one-liner:

tail -n 200 $FWDIR/log/fw.adtlog | grep -a changed

This shows the last 200 lines of your audit log. Change the number to how many lines you want to see.

Participant

*** UPDATE ****

Thanks all for your suggestions.

We have enabled logging for all Bash shell commands in Gaia following the procedure in SK99134 and forwarded syslog to an external syslog server.

Thanks all for your help Smiley Happy

Senior Information Security Engineer