Applies To:

Show Versions Show Versions

Manual Chapter: Auditing Enterprise Manager System Events
Manual Chapter
Table of Contents   |   << Previous Chapter

13 
So that you can review valuable information about pertinent events, Enterprise Manager provides access to a comprehensive set of logs. The types of logs you can view are:
System events
System event messages are based on Linux® events, and are not specific to the Enterprise Manager system.
Local traffic events
Local-traffic event messages pertain specifically to the local Enterprise Manager system.
Audit events
Audit event messages are logged when changes are made to the Enterprise Manager system configuration. You can see which enterprise management tasks were initiated from a particular Enterprise Manager system. The Enterprise Manager system logs the messages for these events in the file /var/log/em. Logging audit events is optional.
Enterprise Manager and BIG-IP® systems use the Linux utility, syslog-ng, to log events. The syslog-ng utility is an enhanced version of the standard UNIX and Linux logging utility syslog. You can find information specific to BIG-IP system logging features in the Logging BIG-IP System Events chapter of the TMOS® Management Guide for BIG-IP® Systems.
Although event logging for Enterprise Manager works the same as in a BIG-IP system, some of the logging options specific to traffic management may not apply to Enterprise Manager. When you set local traffic logging options, some events may not produce logs, because Enterprise Manager does not deal with the same kind of traffic as a BIG-IP Local Traffic Manager system.
1.
On the Main tab, expand System, and click Logs.
The System Logs screen opens.
To view local traffic logs, on the menu bar, click Local Traffic.
The screen changes to display a log of local traffic events.
To view Enterprise Manager logs, from the Audit menu, choose List.
The screen changes to display a log of management activity on this Enterprise Manager system.
The Enterprise Manager system features seven processes that enable the system to manage other F5 Networks® devices in the network. The processes are briefly described here:
discoveryd
This process enables the device discovery features so that Enterprise Manager can identify and manage F5 devices in the network.
emadmind
This process enables the scheduled Enterprise Manager ConfigSnyc feature.
emalertd
This process enables the custom alerting features for managed devices, including creating alert instances, assigning alert actions, and logging alert events.
emdeviced
This process enables device management features such as managing device groups, performing high availability functions, and refreshing device status information.
emfiled
This process enables the features required to manage device configuration archives, including scheduling a rotating archive schedule, and maintaining pinned archives.
emreportd
This process enables the reporting features so that you can export certificate or configuration information.
swimd
This process enables the software image management features, including importing software or hotfix images to the software repository, and deploying software or hotfixes to managed devices
For each of these processes, Enterprise Manager can audit and log a variety of events. These message include device discovery, software installations, alerts for managed devices, and tasks involving managed device configuration archives. When you enable audit logging, the process name appears in the system log along with a more specific description of the event.
The auditing feature logs messages that pertain to configuration changes that users or services make to the Enterprise Manager system configuration. Changes such as when you create, modify, or delete a managed device, or install a software image. By default, the auditing feature that logs system events is enabled.
You can choose one of four log levels for audit logging. In this case, the log levels do not affect the severity of the log messages; instead, they affect the initiator of the audit event.
Disable
This turns audit logging off.
Enable
This causes the system to log messages for user-initiated configuration changes only. This is the default value.
Verbose
This causes the system to log messages for user-initiated configuration changes and any loading of configuration data.
Debug
This causes the system to log messages for all user-initiated and system-initiated configuration changes.
1.
On the Main tab, expand System, and click Logs.
The System Logs screen opens.
2.
On the menu bar, click Options.
The Options screen opens.
3.
From the Audit list, select a log level.
4.
Click Update.
When you need to find specific events in the audit log, you can use the Enterprise Manager audit search feature to find specific events by user, event text, or by date.
1.
On the Main tab, expand System, and click Logs.
The System Properties screen opens.
2.
From the Audit menu, choose Search.
The Search Logs screen opens.
3.
For User Name, type all or part of a user name to search the audit log for user names that match.
Note: You can use the default asterisk (*) to search for all user names.
4.
For Start Time, select a month, day, year, and time to set the earliest point for the audit log search.
5.
For Stop Time, select a month, day, year, and time to set the latest point for the audit log search.
6.
For Event Text, type all or part of a character string included in the Event description in the audit log.
Note: You can use the default asterisk (*) to search for all event text.
7.
Click Search to perform the search using the criteria you specified.
A table appears below the Search Properties table that lists all audit log entries that meet your search criteria.
To refine your search, you can change any values in the Search Properties table, then click Search again. If you want to perform a different search, click Reset to clear the values, then enter new search criteria.
Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)