What is user activity log forwarding?
User activity log forwarding overview
If the forwarding of NSP user activity logs to a remote server is enabled, each NSP user action is forwarded to a remote syslog server specified in the NSP configuration during system deployment.
User activity syslog record format
Each generated remote syslog message for user activity has the following fields:
User Activity Log syslog record example
The following is an example of an NFM-P User Activity Log record forwarded to a remote syslog server:
Note: The record is displayed as three separate sections for illustration purposes; an actual record is contiguous.
May 18 09:56:36 nsp-1a3 activitylogs: {"app":"Users And Security","clientHost":"203.0.100.5","reqMethod":"POST","addlParams":"{}","actionParams":[{"val":"
{\"retentionPeriod\":32,\"activityLogsMaxSize\":1000000,\"activityLogsWarningThreshold\":95,\"activityLogsCriticalThreshold\":100,\"activityLogsWarningPurgePercent\":5,\"activityLogsCriticalPurgePercent\":10}
","key":"jsonRequest"}],"respCodePhrase":"OK","timeStamp":"2020/05/27 10:47:14 821 +0000","affObjs":"{}","uid":"a0d3b09f66acb238d9f95ab1155d075e","host":"198.51.100.16","action":"set","time":"1590576434821","user":"admin","reqURL":"https://198.51.100.16/activitylogs-api/rest/api/v1/activityLogs/settings/set","respCode":"200"}
The fields in the example have the following values; the actionParams section, which is the second section in the example, indicates that the action involved setting user-activity log parameters:
-
User Activity Log entry—remainder that begins with "app":"Users and Security"; is in JSON format, and includes the following: