Forum Discussion
NicCage
Mar 21, 2018Nimbostratus
If Audit Logging is enabled (Default in Versions >= 11.6) you will find a corresponding Log entry in the Audit Log /var/log/audit.
When searching in the file is not comfortable enough you could upload a QKVIEW to IHealth and check out Security -> Overview. Here you are able to select Audit Log Entries based on a Time-Line.
If you want to enable Audit Logging for TMSH / WebUI on a Big IP prior 11.6 execute the following: tmsh modify sys daemon-log-settings mcpd audit enabled tmsh modify sys db config.auditing value enable