1. Administration and security
  2. Administration
  3. Audit
  4. Export audit events

With the Tenant Auditor role, you can export your audit logs in Common Event Format (CEF).

To export audit events:

  • Audit must be enabled for your organization
  • You must be assigned the Tenant Auditor role

To export your audit events:

  1. In the Administration console, navigate to Audit.
  2. Under the navigation bar, click Export.
  3. In the Save File dialog, specify a name for your export file.
  4. Click Save.

Your export file saves as a Common Event Format (CEF) file. For information about CEF, see the PDF document entitled CommonEventFormat in the upper left of: ArcSight Common Event Format (CEF) Implementation Standard. The latest version is posted on that page.