What is user activity log forwarding?

User activity log forwarding overview

If the forwarding of NSP user activity logs to a remote server is enabled, each NSP user action is forwarded to a remote syslog server specified in the NSP configuration during system deployment.

User activity syslog record format

Each generated remote syslog message for user activity has the following fields:

User Activity Log syslog record example

The following is an example of an NFM-P User Activity Log record forwarded to a remote syslog server:

Note: The record is displayed as three separate sections for illustration purposes; an actual record is contiguous.

May 18 09:56:36 nsp-1a3 activitylogs: {"app":"Users And Security","clientHost":"203.0.100.5","reqMethod":"POST","addlParams":"{}","actionParams":[{"val":"

{\"retentionPeriod\":32,\"activityLogsMaxSize\":1000000,\"activityLogsWarningThreshold\":95,\"activityLogsCriticalThreshold\":100,\"activityLogsWarningPurgePercent\":5,\"activityLogsCriticalPurgePercent\":10}

","key":"jsonRequest"}],"respCodePhrase":"OK","timeStamp":"2020/05/27 10:47:14 821 +0000","affObjs":"{}","uid":"a0d3b09f66acb238d9f95ab1155d075e","host":"198.51.100.16","action":"set","time":"1590576434821","user":"admin","reqURL":"https://198.51.100.16/activitylogs-api/rest/api/v1/activityLogs/settings/set","respCode":"200"}

The fields in the example have the following values; the actionParams section, which is the second section in the example, indicates that the action involved setting user-activity log parameters: