Filtering events in the system audit log

You can configure the system audit log to display only the records of events that meet the filtering conditions (filters) that you have specified.

To filter events in the system audit log:

1. In the Application Console tree, expand the Logs and notifications node.
2. Open the context menu of the System audit log child node and select Filter.

   The Filter settings window opens.

3. To add a filter, perform the following steps:
   1. In the Field name, select a column to filter events.
   2. In the Operator list, select the filtering condition. Filtering conditions vary depending on the item selected in the Field name list.
   3. In the Field value, select a value for the filter.
   4. Click the Add button.

   The filter you added will appear in the list of filters in the Filter settings window.

4. If necessary, perform one of the following actions:
   • To combine multiple filters using the logical operator "AND", select If all conditions are met.
   • To combine multiple filters using the logical operator "OR", select If any condition is met.
5. Click the Apply button to save the filtering conditions in the system audit log.

   The list of events of the system audit log displays only events that meet the filtering conditions. The filtered results will be saved for the next time you view the system audit log.

To disable the filter:

1. In the Application Console tree, expand the Logs and notifications node.
2. Open the context menu of the System audit log child node and select Remove filter.

   The list of events of the system audit log will then display all events.