Audit trail

The appliance keeps an audit trail in the audit log and the CLI log.

The audit log itself records events such as system configuration changes, successful user log ins, user modifications, and significant system events, such as intrusion detection and firmware information during boot. The CLI log records every CLI command, regardless of whether a configuration change is made. This category provides a record of all commands that are run, including display commands and those within configuration scripts.

The information recorded also includes events generated by IBM® MQ, which is always available to view by using CLI commands (see show audit-log), and on the web UI (click the status icon and select Logs > Audit logs). You can also set up log targets using the audit log category to send this log to another location on the appliance, or to an external central syslog server.

CLI events record the input of commands, not the result or outcome. CLI trace records are generated when a command is issued, irrespective of whether the command is included in the audit trace. The web UI and REST management interface are often a front end to the CLI, particularly for configuration changes, so this category also includes log events for commands that are invoked internally to service these interfaces.

For details about the audit and CLI logs, and how to consume them, see Appliance audit logs.