Audit entry types
The following table explains the audit entry types.
| Type | Definition |
|---|---|
| admin.attachLog.mgtserver | A Log Server was associated with a Management Server. |
| admin.attachLog.webportalserver | A Log Server was associated with a Web Portal Server. |
| admin.authenticationkey.change | The authentication key of an API Client element was changed. |
| admin.changeIp.mgtserver | The Management Server IP address changed. |
| dmin.changeMgtIp.logserver | The Management Server IP address on the Log Server changed. |
| admin.changeMgtIp.webportalserver | The Management Server IP address on the Web Portal Server changed. |
| admin.create | A superuser administrator was created. |
| admin.defaultfiltercolors.change | The default filter colors for an administrator were changed. |
| admin.disabled | An administrator was disabled. |
| admin.enabled | An administrator was enabled. |
| admin.enginepassword.change | An administrator's engine password changed. |
| admin.login | An administrator logged on to the Management Server. |
| admin.logout | An administrator logged out from the Management Server. |
| admin.password.change | An administrator's password changed. |
| admin.permission.change | Permissions for an administrator changed. |
| admin.sendmessage.disabled | The sending of messages was disabled. |
| admin.sendmessage.enabled | The sending of messages was enabled. |
| admin.update | The properties of an Administrator account were changed. |
| alert.ack.policy | An active alert was automatically acknowledged according to the Alert Policy. |
| alert.ack.user | An administrator acknowledged an active alert. |
| alert.policy.upload | A policy was uploaded to the Log Server. |
| alert.test | A test alert was sent. |
| archive.export | An administrator ran a script to export an archive. |
| audit.start | The Audit Service started. |
| audit.stop | The Audit Service stopped. |
| backup.create | A backup was created on the server where the audit entry was created. |
| backup.delete | A backup was deleted from the server where the audit entry was created. |
| backup.restore | A backup was restored io the server where the audit entry was created. |
| ca.certificate.download | An internal certificate authority was uploaded to an engine. |
| ca.certificate.stoptrusting | An engine was commanded to stop trusting an internal certificate authority. |
| certificate.delete | A certificate was deleted. |
| certificate.export | A certificate was exported. |
| certificate.generate | A certificate was generated. |
| certificate.import | A certificate was imported. |
| certificate.signed | A certificate was signed. |
| crypto.start | Cryptographic functions started. |
| database.migrate | The database of the Log Server was migrated. |
| database.password.change | The database password of the server where the audit entry was created was changed. |
| diff.start | An XML comparison started. |
| diff.stop | An XML comparison ended. |
| engine.initial.contact | An engine performed initial contact to the Management Server. |
| engine.initial.generate | The initial configuration was generated for an engine. |
| engine.upgrade.end | An engine upgrade ended. |
| engine.upgrade.start | An engine upgrade started. |
| export.start | An export operation started. |
| firewall.diagnostic | Diagnostic mode was selected for a Firewall. |
| firewall.policy.upload | A policy was uploaded to a Firewall. |
| firewall.reset.database | The user database on the firewall was reset. |
| gui.lock | The Management Client window was locked due to inactivity. |
| gui.unlock | The Management Client was unlocked. |
| ha.sync | A Management Server retrieved a database backup in a high-availability environment. |
| https.certificate.request | An HTTPS certificate request was created. |
| import.start | An import operation started. |
| import.stop | An import operation ended. |
| incident.attachment.add | An attachment was added to an Incident Case. |
| incident.attachment.remove | An attachment was removed from an Incident Case. |
| incident.attachment.update | An attachment for an Incident Case was updated. |
| incident.player.add | A player was added to an Incident Case. |
| incident.player.remove | A player was removed from an Incident Case. |
| incident.player.update | A player attached to an Incident Case was updated. |
| installserver.log | An initial configuration for an engine was uploaded to the Installation Server or an engine sent logs to the Installation Server in plug-and-play configuration. |
| installserver.trace | An engine sent traces to the Installation Server in plug-and-play configuration. |
| ips.policy.upload | A policy was uploaded to an IPS engine. |
| license.activate | A license file or a license component was activated. |
| license.delete | A license component was deleted. |
| license.install | A license was installed. |
| log.browse | An administrator performed a query in the Logs view. |
| log.forward | The current log forwarding rules were saved when saving the Log Server element. |
| log.forward.deleted | A log forwarding rule was deleted. |
| log.forward.new | A log forwarding rule was added. |
| logdatamanager.abort | A scheduled task was aborted in the Log Server. |
| logdatamanager.complete | A scheduled task was completed in the Log Server. |
| logdatamanager.start | An administrator manually started a task. |
| logpruningfilter.apply | A pruning filter was applied to the Log Server. |
| logpruningfilter.delete | A pruning filter was deleted from the Log Server. |
| logpruningfilter.refresh | After a Log Server reconnected to the Management Server, all pruning filters were retrieved on the Management Server and reapplied. |
| logreception.start | The log reception process started. |
| logreception.stop | The log reception process ended. |
| logserver.certify | The Log Server was certified. |
| mgtserver.blacklist | The Management Server added a blacklist entry to a Firewall. |
| mgtserver.blacklist.flush | The Management Server removed all blacklist entries from a Firewall. |
| mgtserver.certify | The Management Server was certified. |
| mgtserver.ha.activation | A Management Server was set to active in a high-availability environment. |
| mgtserver.ha.exclusion | A Management Server was excluded or included in database replication in a high-availability environment. |
| mgtserver.ha.replication | A Management Server is executing a full database replication in a high-availability environment. |
| mgtserver.smc_api.enabled | The SMC API was enabled. |
| mgtserver.smc_api.disabled | The SMC API was disabled. |
| mgtserver.unblacklist | The Management Server removed a blacklist entry from a Firewall. |
| mgtserver.update.activation | A dynamic update package was activated. |
| mgtserver.update.download | A dynamic update package was downloaded. |
| mgtserver.update.import | A dynamic update package was imported. |
| mgtserver.update.update_server_availability | The availability of the update server for dynamic update packages and engine upgrade images changed. |
| mgtserver.upgrade.download | An engine upgrade image was downloaded. |
| mgtserver.upgrade.import | An engine upgrade image was imported. |
| mgtserver.web_start.disabled | Web Start was disabled for the Management Server. |
| mgtserver.web_start.enabled | Web Start was enabled for the Management Server. |
| object.delete | An object was deleted. |
| object.insert | A new object was added. |
| object.move | An object was moved to another Domain. |
| object.update | An object was updated or saved. |
| password.verification | An administrator entered an incorrect password. |
| policy.upload.end | A policy upload ended. |
| policy.upload.start | A policy upload started. |
| report.preview | A Report was previewed. |
| report.print | A Report was printed. |
| securityengine.policy.upload | A policy was uploaded on an NGFW Engine. |
| server.migrate | The data of a server was migrated. |
| server.sginfo | An sgInfo package was created. |
| server.start | A Log Server was started. |
| server.stop | A Log Server was stopped. |
| session.terminated | The Management Client session was terminated due to inactivity. |
| trash.add | An element was sent to the trash. |
| trash.undelete | An element was restored from the trash. |
| trusted.certificate.validation.failure | TLS certificate validation failed. |
| trusted.connection.end | A TLS connection ended. |
| trusted.connection.failure | A TLS connection failed. |
| trusted.connection.start | A TLS connection started. |
| vpn.certificate.request | A VPN certificate request was created. |
| vpn.certificate.sign | A VPN certificate was signed. |
| vpn.configuration.export | A VPN Client configuration file was exported. |
| vpn.psk.create | A pre-shared key was added in a VPN tunnel. |
| vpn.psk.delete | A pre-shared key was removed from a VPN tunnel. |
| vpn.psk.modify | A pre-shared key was removed from a VPN tunnel. |
| webportal.log.browse | The filtering or the data type in the Web Portal Log Browser was changed. |
| webportal.log.pdf | The Log Details were viewed as a PDF from the Web Portal Log Browser. |
| webportal.report.pdf | A Report was printed as a PDF from the Web Portal. |
| webportal.report.preview | A Report was previewed as HTML from the Web Portal. |