Audit log – early threshold exceeded

Important: Resolve this problem as soon as possible. This is the last alert you will receive before the audit log is full.

CAUTION: System access will be restricted

When the audit log is full, only users with Security admin privileges or users logging in through SSH will have system access. Users without Security admin privileges will not be able to access the system if this issue is not resolved.

Recovery Steps

  1. The problem can be resolved by increasing the alert threshold, deleting audit log events, and/or setting the audit log policy to overwrite.

    • If you want to increase the alert threshold, go to step 2.

    • If you want to delete audit log events, go to step 3.

    • If you want to allow the oldest events in the audit log to be overwritten when the audit log is full, go to step 4.

  2. Increase the audit log early notification threshold value and then go to step 5.

    1. Go to Settings > Access Management. Then, select the Audit Log tab.

    2. Select View/Edit Settings and increase the value associated with the Send me a notification when option.

    3. Go to step 5.

  3. Delete audit log events, and then go to step 5.

    1. Go to Settings > Access Management. Then, select the Audit Log tab.

    2. Select Delete and delete the events from the audit log. It is recommended that you export the audit log events before deleting them.

  4. Set the audit log policy to overwrite, and then go to step 5.

    1. Go to Settings > Access Management. Then, select the Audit Log tab.

    2. Select View/Edit Settings and set the policy to "Allow the oldest events in the audit log...".

  5. Select Recheck to ensure the problem has been resolved.