You have been asked to investigate a potential security risk on your company's Oracle Cloud Infrastructure (OCI) tenancy. You decide to start by looking through the audit logs for suspicious activity.
How can you retrieve the audit logs using the OCI Command Line Interface (CLI)?
Retrieving Audit events
To make use of audit events, the first step is to retrieve and store them. An Audit event can be retrieved in the following ways:
Oracle Cloud Infrastructure Web Console - With user credentials, customers can log in to the web console to access the Audit service. This suits customers trying the service for the first time, as it gives a first look at a handful of events.
Oracle Cloud Infrastructure CLI [3] - With the CLI, customers can retrieve events for a given compartment, in the region specified in the CLI's config. The CLI command looks like:
oci audit event list --start-time "$START_TIME" --end-time "$END_TIME" --compartment-id "$COMPARTMENT_ID"
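Once the command's JSON output has been saved, a first triage pass can be scripted. The following is an added example, not part of the original page or of Oracle's tooling: it assumes the kebab-case field names of the CLI's JSON output (`event-time`, `event-name`, `principal-name`, `ip-address`, `status`), and the sample events, watch list and threshold are constructed for illustration.

```python
import json
from collections import Counter

def _ev(when, name, who, ip, status):
    # Builds one constructed event in the assumed CLI output shape.
    return {"event-time": when,
            "data": {"event-name": name,
                     "identity": {"principal-name": who, "ip-address": ip},
                     "response": {"status": status}}}

# Constructed sample, not real tenancy data (documentation IP ranges).
SAMPLE = json.dumps({"data": [
    _ev("2024-05-01T02:10:01+00:00", "ListUsers", "jdoe", "198.51.100.7", "404"),
    _ev("2024-05-01T02:10:03+00:00", "ListPolicies", "jdoe", "198.51.100.7", "404"),
    _ev("2024-05-01T02:10:05+00:00", "GetTenancy", "jdoe", "198.51.100.7", "401"),
    _ev("2024-05-01T02:14:07+00:00", "CreateUser", "svc-backup", "203.0.113.50", "200"),
    _ev("2024-05-01T09:30:00+00:00", "ListInstances", "alice", "192.0.2.10", "200"),
]})

# Illustrative watch list of identity-changing operations (an assumption).
SENSITIVE = {"CreateUser", "UploadApiKey", "CreatePolicy", "UpdatePolicy", "DeletePolicy"}
# OCI answers unauthorized calls with 401, 403 or 404 (NotAuthorizedOrNotFound).
DENIED = {"401", "403", "404"}

def triage(cli_json, denied_threshold=3):
    """Return (successful sensitive changes, principals with repeated denials)."""
    if not cli_json.strip():          # nothing saved for this window: no findings
        return [], {}
    changes, denied = [], Counter()
    for ev in json.loads(cli_json).get("data", []):
        body = ev.get("data") or {}
        ident = body.get("identity") or {}
        who = ident.get("principal-name") or "unknown"
        ip = ident.get("ip-address") or "unknown"
        status = str((body.get("response") or {}).get("status") or "")
        name = body.get("event-name") or ""
        if status in DENIED:
            denied[(who, ip)] += 1
        elif name in SENSITIVE and status.startswith("2"):
            changes.append((ev.get("event-time"), name, who, ip))
    noisy = {k: n for k, n in denied.items() if n >= denied_threshold}
    return sorted(changes), noisy

if __name__ == "__main__":
    found, noisy = triage(SAMPLE)
    for row in found:
        print("sensitive change:", *row)
    for (who, ip), n in noisy.items():
        print(f"repeated denials: {who} from {ip} ({n} events)")
```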