Audit Trail Logging

EFA provides full audit trail logging, including the successes and failures of user actions, which creates a 1-to-1 mapping between every action coming from EFA and a corresponding audit trail event from SLX.

Any configuration action on an SLX devices results in the generation of an audit trail. The name of the user is extracted from the token that the user logged in with. The user is assigned the role of admin as the default role on the device.

For OpenStack, the user name has the following format: <OpenStack tenant UUID> - <OpenStack user name> - <EFA tenant name>.

The following is an example of the audit log message for NETCONF or SSH sessions:
78 AUDIT, 2020/01/26-14:04:21 (GMT), [DCM-1006], INFO, DCMCFG, <ClientUserID>/
<ClientRole>/10.6.46.51/SSH/netconf,, SLX, Event: database commit transaction, Status: 
Succeeded, User command: "configure config username test1 role admin password ****".

The ClientUserID and ClientRole values are derived from the User and AuditLogRole variables, which originate from the values in the access token when the NETCONF or SSH session was established.