Add TCM config rerefence

Author: p7nov

doc/reference/tooling/tcm/tcm_audit_log.rst

@@ -126,8 +126,6 @@ To search for an event, use the search bar on the top of the page. Note that the
 search is case-sensitive. For example, to find events with the ``ALARM`` severity,
 enter ``ALARM``, not ``alarm``.
 
-If audit log is written to a syslog, use other tools to read it.
-
 ..  _tcm_audit_log_structure:
 
 Structure of audit log events
@@ -151,7 +149,7 @@ All entries of the |tcm| audit log include the mandatory fields listed in the ta
             -   Event severity: ``VERBOSE``, ``INFO``, ``WARNING``, or ``ALARM``
             -   INFO
         *   -   ``type``
-            -   Audit event type. Possible values are listed in :ref:`Event types <tcm_audit_log_events_types>`.
+            -   Audit :ref:`event type <tcm_audit_log_event_types>`
             -   user.update
         *   -   ``description``
             -   Human-readable event description
@@ -180,12 +178,12 @@ All entries of the |tcm| audit log include the mandatory fields listed in the ta
         *   -   ``err``
             -   Human-readable error description for events with ``nok`` result
             -   failed to login
-
-Additionally, there are fields that are written for specific types, for example:
-
-- ``clusterId`` is added to cluster-related events.
-- ``username`` for users' actions on their accounts and sessions.
-- ``payload`` for events that include sending data on the server.
+        *   -   ``fields``
+            -   Additional fields for specific event types in the key-value format
+            -   Key examples:
+                - ``clusterId`` in cluster-related events.
+                - ``username`` in ``current.*`` or ``auth.*`` events
+                - ``payload`` in events that include sending data to the server
 
 This is an example of an audit log entry on a successful login attempt: