Viewing Audit Logs

Starting in R81.10.15, you can configure the appliance to send these local Audit Logs to Quantum Spark Management.

Advantages:

• Centralized Monitoring - View all audit logs in a dedicated monitoring page within the SMP. This centralized view allows for easy tracking of all changes made to the system components and objects.

• Comprehensive Tracking - Monitor changes related to users, administrators, security rules, allow lists, block lists, internet objects, IP addresses, MAC addresses, VPN operations, and more. Any modifications to critical security settings and configurations are logged and can be reviewed for accountability and security purposes.

• Enhanced Security and Compliance - Ensure that all administrative actions are logged, providing a detailed record for compliance audits and security reviews. This helps you detect unauthorized changes and enables you to take corrective actions promptly.

• Operational Transparency - Provide a transparent view of all administrative operations, making it easier to troubleshoot issues and understand the impact of specific changes.

Known Limitations:

• Export of Audit Logs supports only configuration changes in WebUI and Gaia Clish The default shell of the Gaia CLI.

• Export of Audit Logs for changes in the Dynamic Routing settings you make in Gaia Clish is not supported.

• Export of Audit Logs for users' login / logout is not supported.

To export Audit Logs to Quantum Spark Management:

Note - The Quantum Spark gateways must be connected to the Quantum Spark Management service in Infinity Portal.

1. On each Quantum Spark gateway, connect to the command line.

2. Log in to Gaia Clish.

3. Enable the export:

   set logs-config send-audit-on-db-change true

   To disable, configure the value "false".

For more information, see the Quantum Spark Management Administration Guide > Chapter "Logs and Events" > Section "Working with Audit Logs".