Audit trail

Overview

To trace relevant activities in your Appliances (accesses, configuration modifications, starts, stops, etc), Nexthink components write to the audit log file:

/var/log/nexthink/audit.log

Find below the complete list of audit events. In the tables, the words displayed in italics in the log messages are replaced by actual values by the log system. For example, the actual username of the account that performed a particular logged action will replace the word account.

Appliance

See how to configure the system log for the Appliance to record the following events:

Logon with the SSH Nexthink account
Commands launched with super-user privileges

Web Console

Code

Description and format

Portal

Code

Description

Engine

Code

Description

The start and stop commands for the Engine that are executed from the CLI are logged in journalctl. Use the following command to retrieve them:

sudo journalctl -u nxengine@*.service | grep systemd

RELATED TASK

Configuring the system log

Last updated 2 months ago