Audit Records
Secure Firewall Management Centers log read-only auditing information for user activity. Audit logs are presented in a standard event view that allows you to view, sort, and filter audit log messages based on any item in the audit view. You can easily delete and report on audit information and can view detailed reports of the changes that users make.
The audit log stores a maximum of 100,000 entries. When the number of audit log entries exceeds 100,000, the appliance prunes the oldest records from the database to reduce the number to 100,000.
The audit logs do not display the user or the source IP for login errors:
-
When wrong password is used, the source IP is not displayed.
-
When the user account does not exist, both source IP and the user are not displayed.
-
If the attempt for an LDAP user fails, no audit log is triggered.