6. Auditing

Audit Log

Each event that is triggered by an action (user based or automatically) is recorded by the system and is visible in the Audit log. This feature allows Administrators to track events and data transfers on the system. Only users with the administrator role are able to view the Audit log.

The time, event details, user, source and status of the action are listed. You can filter the events by entering text in the search box and also sort based on column headers.


Export Audit Log

You can export the audit data in a CSV (comma separated values) file. This can be loaded in any 3rd party application, or saved in another internal database.

Retention and Syslog integration

In order to change audit settings please go to Audit page and click the Settings button in the top right.

This field allows you to configure a retention period for audit events. Any events older than the specified period of time will be automatically removed.

Syslog integration settings

Enabling this integration will instruct Vault to send any audit event to the configured Syslog server.

Please note that only UDP protocol is supported for now. Because of this, Vault will not be able to validate the connection to the Syslog server. A test message will be sent if the configuration was successful.


The following settings are available for configuration:



Default value


The type associated with Vault events

User Level Messages

Log level

Determines which messages get sent to the Syslog server, it filters out any message less important than the one selected


Server address

The address of the server where the Syslog is located

Server port

The open port on the Syslog server for accepting messages



The language to use for logging messages



Timezone recorded at the sending log time

(UTC) Coordinated Universal Time

Output format

It is possible to choose between Standard or CEF format


CEF Message Format

Base Format: Date Host CEF:Version|Device Vendor|Device Product|Device Version|Device Event Class ID|Name|Severity|[Extension]
Example: 2020-01-16T08:45:47Z LE10-L3174 CEF:0|OPSWAT|VAULT||1|Logon|6|requestClientApplication= deviceAction=Logon outcome=Success msg=Username logged on.