Audit Logging

Plixer Endpoint Analytics can log UI activity either locally (to /var/log/audit.log) or to an external syslog server. UI audit logging is disabled by default.

Note

UI audit log messages delivered to /var/log/audit.log require root privileges to view using the tail, cat, more, or less commands.

To enable audit logging, rename the audit.xml.sample file found in /usr/beacon/config to audit.xml, and then edit it to set the desired level of audit logging. The default configuration of the file is for full UI audit logging with delivery to the internal syslog.

• Audit log message formats
• Audit logging to external syslog