Diagnostics and Reporting

From the Diagnostics and Reporting page, you can enable the audit trail heartbeat, which sends an event every hour to the audit trail log. The audit trail heartbeat checks that the engine is operational. You can also enable diagnostic log reporting, which sends status reports and crash reports to the scan engine.

Enabling audit trail logging

The Audit Trail feature logs all user actions and alerts. Audit trail information includes the user who performed an action, the action that is taken, the engine on which the action happened, and the date and time of the action. The alerts cover the services that run during different processes, such as indexing jobs, scheduling an action query, and starting and stopping services. After enabling the audit trail logging, enable the audit trail heartbeat in Settings > Network and Security > Diagnostics and Reporting.

Complete the following steps to enable audit trail logging:
  1. Save a copy of the /etc/rsyslog.conf file.
  2. Update the /etc/rsyslog.conf file as follows:
    1. Verify that the following four entries are not commented out. If a # sign appears in front of any of these entries, remove the # sign:
      $ModLoad imudp
      $UDPServerRun 514
      $ModLoad imtcp
      $InputTCPServerRun 514
    2. Add the following line to the /etc/rsyslog.conf file before the $IncludeConfig entry:
      LOCAL1.* /var/log/iesyslog.log
      Note: If you use the backup feature to return your logs, store the logs in the /opt/ie/var/ directory. For example: /opt/ie/var/log/iesyslog.log.
    3. In the /etc/rsyslog.conf file, add local1.none to the line for /var/log/messages as follows:
      *.info;mail.none;authpriv.none;cron.none;local1.none; /var/log/messages
      Note: The line in your /etc/rsyslog.conf file might differ from the example, depending on your operating system.
  3. Restart the rsyslog service by issuing the following command:
    systemctl restart rsyslog.service

The /var/log/iesyslog.log file now records all user actions. Your system administrator can manage the file by using logrotate or a similar command to rotate and purge logs as needed.

When the setup completes, activity messages start appearing in the /var/log/iesyslog.log file.
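
The edits from the procedure above can be checked on a copy of the configuration before rsyslog is restarted. The following script is an added example, not part of the product documentation; the function name check_audit_conf is hypothetical, and it assumes the log file name iesyslog.log used on this page.

```shell
#!/bin/sh
# Added example: check the rsyslog.conf edits from the procedure above.
# check_audit_conf (hypothetical name) prints one line per problem and
# returns the number of problems found.
check_audit_conf() {
    conf=$1
    problems=0
    # Trim each line and collapse runs of blanks so matching is layout-independent.
    norm=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
               -e 's/[[:space:]][[:space:]]*/ /g' "$conf")

    # Step 2.1: the four listener entries must be present and uncommented.
    for entry in '$ModLoad imudp' '$UDPServerRun 514' \
                 '$ModLoad imtcp' '$InputTCPServerRun 514'; do
        if ! printf '%s\n' "$norm" | grep -qxF -- "$entry"; then
            echo "missing or commented out: $entry"
            problems=$((problems + 1))
        fi
    done

    # Step 2.2: the LOCAL1 rule must exist and precede $IncludeConfig.
    rule_line=$(printf '%s\n' "$norm" |
        grep -niE '^local1\.\* /[^ ]*iesyslog\.log$' | head -n 1 | cut -d: -f1)
    inc_line=$(printf '%s\n' "$norm" |
        grep -n '^\$IncludeConfig' | head -n 1 | cut -d: -f1)
    if [ -z "$rule_line" ]; then
        echo "no LOCAL1.* rule writing to iesyslog.log"
        problems=$((problems + 1))
    elif [ -n "$inc_line" ] && [ "$rule_line" -gt "$inc_line" ]; then
        echo "LOCAL1.* rule (line $rule_line) is after \$IncludeConfig (line $inc_line)"
        problems=$((problems + 1))
    fi

    # Step 2.3: the /var/log/messages selector, if present, must exclude local1.
    msg=$(printf '%s\n' "$norm" | grep -E '^[^#].* -?/var/log/messages$' || true)
    if [ -n "$msg" ] && ! printf '%s\n' "$msg" | grep -qi 'local1\.none'; then
        echo "/var/log/messages selector lacks local1.none"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run against a file when one is given, e.g.: sh check.sh /etc/rsyslog.conf
if [ "$#" -gt 0 ]; then
    check_audit_conf "$1"
fi
```

After the restart, running logger -p local1.info "audit trail test" should add a line to /var/log/iesyslog.log and nothing to /var/log/messages.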

Enabling the Audit Trail heartbeat

Before you enable the audit trail heartbeat, verify that audit trail logging is enabled. To enable the audit trail heartbeat, complete the following steps:
  1. Go to the Settings > Network and Security > Diagnostics and Reporting page.
  2. Toggle the Heartbeat option under Audit Trail to enable it.
  3. Click Save Changes.

Setting the diagnostic log file reporting

  1. Go to the Settings > Network and Security > Diagnostics and Reporting page.
  2. Select the checkbox under Diagnostic Log File Reporting to enable it.
  3. Click Save Changes.