With SafeConsole 5.2+ you are able to customize your generated audit logs. There are two separate logs that can be generated. 

  1. Device Audit Logs which deal with device and user actions.
  2. System Messages that deal with the server and admin actions.

Both allow you to customize the generated audit logs. Clicking the export button in the top right gives you the the following popup. 

Simply select the range of dates you would like to include in the report. Then select your Action Type. More than one action type can be selected at once. You then have the option to sort your data and filter by Device ID. Clicking Export will prompt you if you would like to save the file as a CSV or XML file. 

Device Audit Logs

Available Action Types include: (Logged In, Logged Out, Unplugged, Invalid Password, Reset, Reset Results, Device Registered, Device Registered With Token, Registration Failed, Device Disabled, Created File, Deleted File, Moved File, File Blocked, Needs Approval, GeoFence Blocked Connection, GeoFence Blocked Device, Trusted Network Rejected Connection, Trusted Network Rejected Device Connection, Anti-Malware Update, Anti-Malware Loaded, Anti-Malware Load Error, Malware Infection Detected, Quarantined File Restored, Quanantined File Deleted, Unknown Device Connection, Device Password Recovery Stored, Device Format, PortBlocker Registered, PortBlocker Reset, PortBlocker Blocked, PortBlocker Allowed, PortBlocker Allowed Read-Only, PortBlocker Allowed Read-Only Unlisted, PortBlocker Active, PortBlocker Allow All, PortBlocker Allow All As Read-Only, PortBlocker Block All, PortBlocker Disabled, Standalone Login Requested, Password Reset, Audit Mode, Detonate Remotely, File Modified, Detonate, Detonate Results, Mass Deploy, Activation Failure, Computer Name Changed, and Policy Updated). 

You can sort the data by either: (Time, User, Computer, Computer OS, Email, IP Address, Action, or Data)

To get the most out of SafeConsole Audit Logs please enable the Device Audit Policy. In the policy you have the option of limiting what file types will be logged by file extension. 

System Messages

Available Action Types include: (Logged In With TOTP, Logged Out, Added Administrator, Deleted Administrator, Sent Password Reset Email, Password Reset Successfully, Password Reset Failed, Added Certificate, Deleted Certificate, Assigned Configuration, Created Configuration, Deleted Configuration, Deleted OU Policy, Deleted User Policy, Deleted Device Policy, Deleted All Policies, Modified Configuration, Unassigned Configuration, Saved Configuration, Saved Server Setting, Set Device Status, Scheduled Device Status Change, Unscheduled Device Status Change, Changed Device Anti-Malware Mode, Changed Device Owner, Admin Locked, Deleted Device, Password Recover, Login Failed, User Updated, User Added, User Imported, Deleted User, Sent Deployment Email, Admin Login Disabled, External Serial Updated, External Serial Removed, External Serial Imported, API Token Added, API Token Deleted, Admin Role Modified, PortBlocker Device List Modified, OU Changed, Restored Device, Invite Email Sent). 

You can sort the data by either: (Time, Admin, IP Address, and Action)

The Date range can also be used when viewing the logs directly in SafeConsole.

Each Column used to sort the logs by or you can even searching for all matches entries for a column. For example, see all results for a particular serial number or user. 

SIEM and other external continuous log collection integration. 

It is possible to send all log events to an external target as well. This allows integrating SafeConsole logs with your current solution for log analysis.