Audit Logs

What can I do here?

Use this window to see the audit logs from all Security Gateways. The logs are stored on the Security Management Server and Log Servers.

Audit logs capture workflow operations for tracking and troubleshooting. Use them to track and analyze changes to the security and network environment.

Understanding Logging

Security Gateways generate logs, and the Security Management Server generates audit logs. The Security Policy that is installed on each Security Gateway determines which rules generate logs.

Logs can be stored on a:

• Security Management Server that collects logs from the Security Gateways. This is the default.
• Log Server on a dedicated machine. This is recommended for organizations that generate a lot of logs.
• Security Gateway. This is called local logging.

To find out how much storage is necessary for logging, see sk87263 or the new appliance datasheet.

In a Multi-Domain Security Management environment, the Security Gateways send logs to the Domain Management Server. The Multi-Domain Server generates logs, and they can be stored on the Multi-Domain Server. To learn how to deploy logging in a Multi-Domain Security Management environment, see the R80.20 Multi-Domain Security Management Administration Guide.

To learn how to monitor the Log Receive Rate on the Security Management Server / Log Server in R80 and higher, see sk120341.

To decrease the load on the Security Management Server, you can install a dedicated Log Server and configure the gateways to send their logs to this Log Server. To see the logs from all the Log Servers, connect to the Security Management Server with SmartConsole, and go to the Logs & Monitor view Logs tab.

A Log Server handles log management activities:

• Automatically starts a new log file when the existing log file gets to the defined maximum size.
• Handles backup and restore for log files.
• Stores log files for export and import.
• Makes an index of the logs. Therefore, log queries work quickly.