Admin Audit Log Formats
The Cisco Secure Access Admin Audit logs show the administrative changes to your organization's Secure Access settings. For information about the size of a log file, see Estimate the Size of a Log.
Examples
Examples of Admin Audit Logs.
V8, V9 Log Samples
"","2021-07-22 10:46:45","[email protected]","","logexportconfigurations","update","209.165.200.227","version: 4","version: 5"
Order of Fields in Admin Audit Log
Note: Not all fields listed are found in most or all requests. When a field does not have a value, Secure Access sets the field to the empty string ("") in the log.
V8, V9 Log Formats
The CSV fields in the header row of the Admin Audit logs.
id,timestamp,email,user,type,action,logged in from,before,after
- id—A unique identifier of the audit event.
- timestamp—The date and time when this request was made in UTC. This differs from the Secure Access dashboard, which converts the time to your specified time zone.
- email—The email of the user that triggered the event.
- user—The account name of the user who created the change.
- type—Where the change was made, such as settings or a policy.
- action—The type of change made, such as Create, update, or Delete.
- logged in from—The user's IP source.
- before—The policy or setting before the change was made.
- after—The policy or setting after the change was made.
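The following added example (not Cisco code) parses rows in the V8/V9 field order above, turns empty strings into `None`, marks timestamps as UTC, and flags events for review. The watched change types, the known-IP set, the flagging rules, and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Field order from the V8/V9 header row documented above.
FIELDS = ["id", "timestamp", "email", "user", "type", "action",
          "logged in from", "before", "after"]

# Assumption: which change types deserve review is a local policy choice.
WATCHED_TYPES = {"logexportconfigurations"}

def parse_admin_audit(text):
    """Yield one dict per audit event; empty-string fields become None."""
    for row in csv.reader(io.StringIO(text)):
        if not row or row == FIELDS:  # skip blank lines and the header row
            continue
        if len(row) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} fields, got {len(row)}")
        event = {k: (v if v != "" else None) for k, v in zip(FIELDS, row)}
        if event["timestamp"]:  # logged in UTC; make the zone explicit
            event["timestamp"] = datetime.strptime(
                event["timestamp"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        yield event

def flag_events(events, known_ips):
    """Return (event, reasons) pairs for events a reviewer should look at."""
    flagged = []
    for e in events:
        reasons = []
        if e["type"] in WATCHED_TYPES:
            reasons.append("watched type")
        if e["logged in from"] not in known_ips:
            reasons.append("unfamiliar or missing source IP")
        if e["action"] and e["action"].lower() == "delete":
            reasons.append("delete action")
        if reasons:
            flagged.append((e, reasons))
    return flagged

# Constructed sample rows in the documented format (not real log data).
SAMPLE = '''id,timestamp,email,user,type,action,logged in from,before,after
"","2021-07-22 10:46:45","admin@example.com","","logexportconfigurations","update","209.165.200.227","version: 4","version: 5"
"1001","2021-07-22 11:02:10","ops@example.com","Ops User","policy","Delete","198.51.100.7","name: Guest, rank: 3",""
"1002","2021-07-22 11:05:00","admin@example.com","Admin","settings","update","209.165.200.227","a","b"
'''

if __name__ == "__main__":
    for event, reasons in flag_events(parse_admin_audit(SAMPLE), {"209.165.200.227"}):
        print(event["timestamp"].isoformat(), event["email"], event["type"], reasons)
```

A CSV parser is used rather than splitting on commas because the before and after fields can themselves contain commas inside the quotes, as the second constructed row shows.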
Updated 7 months ago