Audit entry types

The following table explains the audit entry types.

Table 1. Audit entry types
Type Definition
admin.attachLog.mgtserver A Log Server was associated with a Management Server.
admin.attachLog.webportalserver A Log Server was associated with a Web Portal Server.
admin.authenticationkey.change The authentication key of an API Client element was changed.
admin.changeIp.mgtserver The Management Server IP address changed.
dmin.changeMgtIp.logserver The Management Server IP address on the Log Server changed.
admin.changeMgtIp.webportalserver The Management Server IP address on the Web Portal Server changed.
admin.create A superuser administrator was created.
admin.defaultfiltercolors.change The default filter colors for an administrator were changed.
admin.disabled An administrator was disabled.
admin.enabled An administrator was enabled.
admin.enginepassword.change An administrator's engine password changed.
admin.login An administrator logged on to the Management Server.
admin.logout An administrator logged out from the Management Server.
admin.password.change An administrator's password changed.
admin.permission.change Permissions for an administrator changed.
admin.sendmessage.disabled The sending of messages was disabled.
admin.sendmessage.enabled The sending of messages was enabled.
admin.update The properties of an Administrator account were changed.
alert.ack.policy An active alert was automatically acknowledged according to the Alert Policy.
alert.ack.user An administrator acknowledged an active alert.
alert.policy.upload A policy was uploaded to the Log Server.
alert.test A test alert was sent.
archive.export An administrator ran a script to export an archive.
audit.start The Audit Service started.
audit.stop The Audit Service stopped.
backup.create A backup was created on the server where the audit entry was created.
backup.delete A backup was deleted from the server where the audit entry was created.
backup.restore A backup was restored io the server where the audit entry was created.
ca.certificate.download An internal certificate authority was uploaded to an engine.
ca.certificate.stoptrusting An engine was commanded to stop trusting an internal certificate authority.
certificate.delete A certificate was deleted.
certificate.export A certificate was exported.
certificate.generate A certificate was generated.
certificate.import A certificate was imported.
certificate.signed A certificate was signed.
crypto.start Cryptographic functions started.
database.migrate The database of the Log Server was migrated.
database.password.change The database password of the server where the audit entry was created was changed.
diff.start An XML comparison started.
diff.stop An XML comparison ended.
engine.initial.contact An engine performed initial contact to the Management Server.
engine.initial.generate The initial configuration was generated for an engine.
engine.upgrade.end An engine upgrade ended.
engine.upgrade.start An engine upgrade started.
export.start An export operation started.
firewall.diagnostic Diagnostic mode was selected for a Firewall.
firewall.policy.upload A policy was uploaded to a Firewall.
firewall.reset.database The user database on the firewall was reset.
gui.lock The Management Client window was locked due to inactivity.
gui.unlock The Management Client was unlocked.
ha.sync A Management Server retrieved a database backup in a high-availability environment.
https.certificate.request An HTTPS certificate request was created.
import.start An import operation started.
import.stop An import operation ended.
incident.attachment.add An attachment was added to an Incident Case.
incident.attachment.remove An attachment was removed from an Incident Case.
incident.attachment.update An attachment for an Incident Case was updated.
incident.player.add A player was added to an Incident Case.
incident.player.remove A player was removed from an Incident Case.
incident.player.update A player attached to an Incident Case was updated.
installserver.log An initial configuration for an engine was uploaded to the Installation Server or an engine sent logs to the Installation Server in plug-and-play configuration.
installserver.trace An engine sent traces to the Installation Server in plug-and-play configuration.
ips.policy.upload A policy was uploaded to an IPS engine.
license.activate A license file or a license component was activated.
license.delete A license component was deleted.
license.install A license was installed.
log.browse An administrator performed a query in the Logs view.
log.forward The current log forwarding rules were saved when saving the Log Server element.
log.forward.deleted A log forwarding rule was deleted.
log.forward.new A log forwarding rule was added.
logdatamanager.abort A scheduled task was aborted in the Log Server.
logdatamanager.complete A scheduled task was completed in the Log Server.
logdatamanager.start An administrator manually started a task.
logpruningfilter.apply A pruning filter was applied to the Log Server.
logpruningfilter.delete A pruning filter was deleted from the Log Server.
logpruningfilter.refresh After a Log Server reconnected to the Management Server, all pruning filters were retrieved on the Management Server and reapplied.
logreception.start The log reception process started.
logreception.stop The log reception process ended.
logserver.certify The Log Server was certified.
mgtserver.blacklist The Management Server added a blacklist entry to a Firewall.
mgtserver.blacklist.flush The Management Server removed all blacklist entries from a Firewall.
mgtserver.certify The Management Server was certified.
mgtserver.ha.activation A Management Server was set to active in a high-availability environment.
mgtserver.ha.exclusion A Management Server was excluded or included in database replication in a high-availability environment.
mgtserver.ha.replication A Management Server is executing a full database replication in a high-availability environment.
mgtserver.smc_api.enabled The SMC API was enabled.
mgtserver.smc_api.disabled The SMC API was disabled.
mgtserver.unblacklist The Management Server removed a blacklist entry from a Firewall.
mgtserver.update.activation A dynamic update package was activated.
mgtserver.update.download A dynamic update package was downloaded.
mgtserver.update.import A dynamic update package was imported.
mgtserver.update.update_server_availability The availability of the update server for dynamic update packages and engine upgrade images changed.
mgtserver.upgrade.download An engine upgrade image was downloaded.
mgtserver.upgrade.import An engine upgrade image was imported.
mgtserver.web_start.disabled Web Start was disabled for the Management Server.
mgtserver.web_start.enabled Web Start was enabled for the Management Server.
object.delete An object was deleted.
object.insert A new object was added.
object.move An object was moved to another Domain.
object.update An object was updated or saved.
password.verification An administrator entered an incorrect password.
policy.upload.end A policy upload ended.
policy.upload.start A policy upload started.
report.preview A Report was previewed.
report.print A Report was printed.
securityengine.policy.upload A policy was uploaded on an NGFW Engine.
server.migrate The data of a server was migrated.
server.sginfo An sgInfo package was created.
server.start A Log Server was started.
server.stop A Log Server was stopped.
session.terminated The Management Client session was terminated due to inactivity.
trash.add An element was sent to the trash.
trash.undelete An element was restored from the trash.
trusted.certificate.validation.failure TLS certificate validation failed.
trusted.connection.end A TLS connection ended.
trusted.connection.failure A TLS connection failed.
trusted.connection.start A TLS connection started.
vpn.certificate.request A VPN certificate request was created.
vpn.certificate.sign A VPN certificate was signed.
vpn.configuration.export A VPN Client configuration file was exported.
vpn.psk.create A pre-shared key was added in a VPN tunnel.
vpn.psk.delete A pre-shared key was removed from a VPN tunnel.
vpn.psk.modify A pre-shared key was removed from a VPN tunnel.
webportal.log.browse The filtering or the data type in the Web Portal Log Browser was changed.
webportal.log.pdf The Log Details were viewed as a PDF from the Web Portal Log Browser.
webportal.report.pdf A Report was printed as a PDF from the Web Portal.
webportal.report.preview A Report was previewed as HTML from the Web Portal.