Audit records

An audit record is a read-only log entry that

captures user activity on Cloud-Delivered Firewall Management Centers
provides auditing information in a standard event view for viewing, sorting, and filtering, and
allows detailed reporting of user changes and activities.

Audit record storage and limitations

The audit log stores a maximum of 100,000 entries. When the number of audit log entries exceeds 100,000, the appliance prunes the oldest records from the database to reduce the number to 100,000.

The audit logs do not display the user or the source IP for login errors:

When wrong password is used, the source IP is not displayed.
When the user account does not exist, both source IP and the user are not displayed.
If the attempt for an LDAP user fails, no audit log is triggered.