System audit logs track activities such as the creation, modification, or deletion of Linux OS users, log tampering, and any changes to file or directory permissions. This type of audit log is disabled by default due to the high volume of data gathered. To enable this function, you must manually enable utils auditd using the CLI. After you have enabled the system audit log feature, you can collect, view, download, or delete selected logs through Trace & Log Central from the Real-Time Monitoring Tool. System audit logs take on the format of vos-audit.log.
For information about how to enable this feature, see the Command Line Interface Reference Guide for Cisco Unified Communications Solutions. For information about how to access collected logs from the Real-Time Monitoring Tool, see the Cisco Unified Real-Time Monitoring Tool Administration Guide .