Audit log – early threshold exceeded
When the audit log is full, only users with Security admin privileges or users logging in through SSH will have system access. Users without Security admin privileges will not be able to access the system if this issue is not resolved.
Recovery Steps
The problem can be resolved by increasing the alert threshold, deleting audit log events, and/or setting the audit log policy to overwrite.
If you want to increase the alert threshold, go to step 2.
If you want to delete audit log events, go to step 3.
If you want to allow the oldest events in the audit log to be overwritten when the audit log is full, go to step 4.
Increase the audit log early notification threshold value and then go to step 5.
Go to Audit Log tab.
. Then, select theSelect View/Edit Settings and increase the value associated with the Send me a notification when option.
Go to step 5.
Delete audit log events, and then go to step 5.
Go to Audit Log tab.
. Then, select theSelect Delete and delete the events from the audit log. It is recommended that you export the audit log events before deleting them.
Set the audit log policy to overwrite, and then go to step 5.
Go to Audit Log tab.
. Then, select theSelect View/Edit Settings and set the policy to "Allow the oldest events in the audit log...".
Select Recheck to ensure the problem has been resolved.