and more in a single search tool across platforms. Read the announcement here. |
05/26/2022 11:35 PM
How many days application audit logs are available in UI (Admin -> Admin Function -> Application Audit Logs)? I couldn't find the logs from last year.
Are the application audit logs that aren't not visible in UI being stored somewhere in the backend which can be requested when needed?
Thanks in advance!
-Siva
05/26/2022 11:53 PM
Hi Sivagami
Application logs are stored in a Elasticsearch index instead of flat files (such as debug.log, error.log and so on).Logs are also shipped in real time to 3 different locations:
You can request old logs stored in s3 bucket by creating a ticket for CloudOps queue.
While creating the ticket please provide following details:
CloudOps team will download the required logs from s3 bucket and share with you.
Let us know if this helps!
Thanks
Srinivas
05/26/2022 11:54 PM
Hi Sivagami
Application logs are stored in a Elasticsearch index instead of flat files (such as debug.log, error.log and so on).Logs are also shipped in real time to 3 different locations:
You can request old logs stored in s3 bucket by creating a ticket for CloudOps queue.
While creating the ticket please provide following details:
CloudOps team will download the required logs from s3 bucket and share with you.
Let us know if this helps!
Thanks
Srinivas
05/27/2022 12:13 AM - edited 05/27/2022 12:27 AM
Thanks Srinivas for the information on Application Logs.
My query is more around Application Audit logs & not application logs.
Note: Our Saviynt Version is V5.5 SP3.10
05/27/2022 04:21 AM
Hi Sivagami
Application audit logs are available in UI, the number of days it depends on logs rotations. And recent logs will be available.
yes there may be the case when the logs are not visible on UI but might be available in backend , we can archive the logs and store in DB.
Thanks
srinivas
05/27/2022 04:26 AM
Is there any job to archive job similar like tasks & request
05/27/2022 11:16 AM
@Srinivas - Could you shed some light on the log rotation process mentioned?
05/30/2022 08:56 PM
Hi Sivagami,
Greetings,
Application Audit Logs contains the audit information of who did what at what time. This provides the User login information, User access Information and transactional information of what changed in the system. This is the SIEM data which saviynt expose.
Coming to the Application Access Log Rotation Policy, Saviynt does not store the these SIEM for a very long time. Saviynt will maintain this data and archive the Application Access log older than 'X' number of days. The Archived Application Access Logs would be made available as a flat file which can be extracted on request from the Amazon S3 bucket.
The frequency of data archival or rotation policy is not standardized for all the customers at the moment. Currently there is no automated Job to archive Application Audit Logs as well. But if you want the details of your customer's archival, the project team can help with the details around when the latest archival was done and can also help extract the archive data flat file, if provided with a valid Business Justification.
Having said that, Every customer will have different standards and different rotation policies. To standardize this, it is recommended to look out for SIEM Integration tools and extract SIEM data from Saviynt on a regular basis and store it outside Saviynt based on the customer's retention policies.
Benefits:
Hope this helps.