With SafeConsole 5.2 you are able to customize your generated audit logs. There are two separate logs that can be generated.
- Device Audit Logs which deal with device and user actions.
- System Messages that deal with the server and admin actions.
Both allow you to customize the generated audit logs. Clicking the export button in the top right gives you the the following popup.
Simply select the range of dates you would like to include in the report. Then select your Action Type. More than one action type can be selected at once. You then have the option to sort your data. Clicking Export will prompt you if you would like to save the file as a CSV or XML file.
Device Audit Logs
Available Action Types include: (Logged In, Logged Out, Invalid Password, Device Reset, Device Registered, Created File, Deleted File, Moved File, File Blocked, Needs Approval , GeoFence Blocked Connection, GeoFence Blocked Device, Anti-Malware Update, Anti-Malware Loaded, Anti-Malware Load Error, and Malware Infection.) You can sort the data by either: (Time, User, Computer, Email, IP Address, Action, or File Name)
To get the most out of SafeConsole Audit Logs please enable the Device Audit Policy. In the policy you have the option of limiting what file types will be logged by file extension.
Available Action Types include: (Logged In, Added Administrator, Deleted Administrator, Added Certificate, Deleted Certificate, Assigned Configuration, Created Configuration, Deleted Configuration, Modified Configuration, Unassigned Configuration, Saved Configuration, Set Device Status, Changed Device Owner, Admin Locked, Deleted Device, Password Recover, Login Failed, User Updated, User Added, Admin Login Disabled) You can sort the data by either: (Time, Admin, IP Address, and Action)
The Date range can also be used when viewing the logs directly in SafeConsole.
Each Column used to sort the logs by or you can even searching for all matches entries for a column. For example, see all results for a particular serial number or user.
SIEM and other external continuous log collection integration.
It is possible to send all log events to an external target as well. This allows integrating SafeConsole logs with your current solution for log analysis. Please open a support ticket for a guided setup.