Securing your computer system just got easier with Graylog's Audit Log feature in Graylog Enterprise. With compliance in mind, Audit Log allows you to track user changes in Graylog and record all state changes into the database. In addition, you can search, filter, and export all audit log entries.
The Audit Log plugin automatically records user actions and stores them directly in Graylog's MongoDB database. In your Graylog configuration file, you can set how long these records are kept.
The Graylog Audit Log plugin also includes a section in the web interface where you can view your stored events, search for specific events with an advanced query language, and export the results to a JSON or CSV file. In addition, you can always use Graylog's REST API to extract your data into a file that can be viewed from anywhere.
You can store your audit logs in either MongoDB or a file in your server's file system. We highly recommend that you keep the default database storage as it is easier to write and collect your audit log entries.
Yes, there are two methods to export the audit log entries. You can use the Graylog web interface, or if you wish to export programmatically, you can use Graylog's REST API.
You can customize the length of time your log entries are stored in your configuration. By default, entries will be stored for 365 days.
Yes! You can search for a certain event either in the Graylog web interface or programmatically with our REST API.