Intelligent audit - Smart Access Gateway - Alibaba Cloud Documentation Center

Smart Access Gateway (SAG) supports the intelligent audit feature. This feature enables the system to automatically record operations performed in the SAG console. The records are stored as audit entries that you can subscribe to and can be periodically sent to specified email addresses. This topic describes how to work with intelligent audit.

Audit entries

Log on to the SAG console.
In the top navigation bar, select the region.
In the left-side navigation pane, choose Smart Access Gateway > Intelligent Audit.
On the Intelligent Audit page, you can filter audit entries by a specific query condition, view audit entries, and download audit entries.
- Filter audit entries
  On the Audit List tab, select a query condition and click the icon. Audit entries are filtered based on the specified query condition.
- View audit entries
  Find the audit entry that you want to view and click More in the Details column. Details about the audit entry are displayed in the Details panel.
- Download audit entries
  In the upper-right corner, click the icon to download all audit entries to an on-premises machine.

Create a subscription task

You can subscribe to audit entries, which are sent to specified email addresses.

You can create at most five subscription tasks.
After you create a subscription task, it is enabled by default.
You can also manually export audit entries to specified email addresses. For more information, see Manually export audit entries to specified email addresses.

Log on to the SAG console.
In the top navigation bar, select the region.
In the left-side navigation pane, choose Smart Access Gateway > Intelligent Audit.
On the Intelligent Audit page, click the Audit List tab and then click Subscribe.

In the Create Subscription dialog box, set the following parameters and click OK.

Parameter	Description
Email Address	Enter the email addresses to which audit entries are sent. You can specify multiple email addresses and separate them with commas (,).
Send At	Specify the time when you want the system to send audit entries. Audit entries are sent to the specified email addresses at the specified time. Each email can contain at most 100,000 audit entries. If the number of audit entries exceeds 100,000, they are sent through multiple emails.
SAG Instance ID/Name	Select the SAG instances from which the audit entries are collected. By default, all SAG instances in the current region are selected.
Source	The source is the IP address of the client that performs this operation. The default value All is selected.
Object	The objects that are audited. You can select all objects. Valid values: Important Only the objects that are configured in the SAG console are displayed. Access control Cloud Connect Network (CCN) configurations Flow logs Network configurations Quality of service (QoS) policies Instance configurations SAG app configurations Application acceleration Device configurations

What to do next

Operation	Procedure
Manually export audit entries to an email address	You can manually export audit entries to specified email addresses. In the left-side navigation pane, choose Smart Access Gateway > Intelligent Audit. On the Intelligent Audi page, click the Audit List tab. Export specified audit entries: Select the audit entries that you want to export. Choose Export to Mail > Export All. Export all audit entries: Click Export to Mail > Export All. Note If you specify a query condition to filter audit entries, only the audit entries that meet the query condition are exported. In the Export Information dialog box, enter one or more email addresses and click OK.
View the subscription task details	After you create a subscription task, you can view its details. In the left-side navigation pane, choose Smart Access Gateway > Intelligent Audit. On the Intelligent Audit, click the Subscription Details tab. On the Subscription Details tab, you can view the details about each subscription task.
Modify a subscription task	You can modify the configuration of a subscription task. In the left-side navigation pane, choose Smart Access Gateway>Intelligent Audit. On the Intelligent Audit page, click the Subscription Details tab. On the Subscription Details tab, find the subscription task that you want to modify and click Modify in the Actions column. In the Modify Subscription dialog box, modify the Email Address, Send At, SAG Instance ID/Name, and Object parameters, and click OK.
Disable a subscription task	If you temporarily do not need to receive audit entries, you can disable the subscription task. In the left-side navigation pane, choose Smart Access Gateway > Intelligent Audit. On the Intelligent Audit page, click the Subscription Details tab. On the Subscription Details tab, find the subscription task and click Cancel Subscription in the Actions column.
Enable a subscription task	After you create a subscription task, it is enabled by default. You can enable a disabled subscription task to receive audit entries. In the left-side navigation pane, choose Smart Access Gateway > Intelligent Audit. On the Intelligent Audit page, click the Subscription Details tab. On the Subscription Details tab, find the subscription task and click Enable Subscription in the Actions column.
Delete a subscription task	If you no longer need to receive audit entries, you can delete the subscription task. Before you delete a subscription task, you must disable the subscription task first. For more information, see Disable a subscription task. In the left-side navigation pane, choose Smart Access Gateway > Intelligent Audit. On the Intelligent Audit page, click the Subscription Details tab. On the Subscription Details tab, find the subscription task that you want to delete and click Delete in the Actions column. In the Delete Subscription message, click OK.