Audits
Understand how to view and manage auditing in Lenses
Lenses audits all user actions. Audit events can be viewed in Lenses and also sent to two channels, Splunk and Webhook.
Audits can also be written to a file by setting a file path in the lenses.audit.to.log.file option in lenses.conf. Lenses will then write audit entries to disk as JSON for collection by your log aggregation systems.
Audit Connections
To send audit entries to an external system, you first need to tell each Lenses agent where it can send them. These destinations are audit connections, defined in the provisioning file.
You can integrate and send audit events to:
Splunk
Webhooks
You can configure the provisioning file by selecting the Environments & Topics option from the left sidebar, expanding the environment node and selecting the Configuration node. You can then edit, test and apply the provisioning file against the connected agent.
Audit Channels
Once you have audit connections configured, you can create audit channels. Channels form the link to the connection; you can create multiple channels per connection.
Select the Environments & Topics option from the left sidebar, expand the environment node you are interested in and select the Audit Logs node. This opens the listing of audit events.
Select the Channels sub tab to view existing channels. You can then either edit an existing channel or create a new one.

Viewing audit logs in Lenses
Select the Environments & Topics option from the left sidebar, expand the environment node you are interested in and select the Audit Logs node. This opens the listing of audit events.

