Audit entry types
The following table explains the audit entry types.
Type | Definition |
---|---|
admin.attachLog.mgtserver | A Log Server was associated with a Management Server. |
admin.attachLog.webportalserver | A Log Server was associated with a Web Portal Server. |
admin.authenticationkey.change | The authentication key of an API Client element was changed. |
admin.changeIp.mgtserver | The Management Server IP address changed. |
dmin.changeMgtIp.logserver | The Management Server IP address on the Log Server changed. |
admin.changeMgtIp.webportalserver | The Management Server IP address on the Web Portal Server changed. |
admin.create | A superuser administrator was created. |
admin.defaultfiltercolors.change | The default filter colors for an administrator were changed. |
admin.disabled | An administrator was disabled. |
admin.enabled | An administrator was enabled. |
admin.enginepassword.change | An administrator's engine password changed. |
admin.login | An administrator logged on to the Management Server. |
admin.logout | An administrator logged out from the Management Server. |
admin.password.change | An administrator's password changed. |
admin.permission.change | Permissions for an administrator changed. |
admin.sendmessage.disabled | The sending of messages was disabled. |
admin.sendmessage.enabled | The sending of messages was enabled. |
admin.update | The properties of an Administrator account were changed. |
alert.ack.policy | An active alert was automatically acknowledged according to the Alert Policy. |
alert.ack.user | An administrator acknowledged an active alert. |
alert.policy.upload | A policy was uploaded to the Log Server. |
alert.test | A test alert was sent. |
archive.export | An administrator ran a script to export an archive. |
audit.start | The Audit Service started. |
audit.stop | The Audit Service stopped. |
backup.create | A backup was created on the server where the audit entry was created. |
backup.delete | A backup was deleted from the server where the audit entry was created. |
backup.restore | A backup was restored io the server where the audit entry was created. |
ca.certificate.download | An internal certificate authority was uploaded to an engine. |
ca.certificate.stoptrusting | An engine was commanded to stop trusting an internal certificate authority. |
certificate.delete | A certificate was deleted. |
certificate.export | A certificate was exported. |
certificate.generate | A certificate was generated. |
certificate.import | A certificate was imported. |
certificate.signed | A certificate was signed. |
crypto.start | Cryptographic functions started. |
database.migrate | The database of the Log Server was migrated. |
database.password.change | The database password of the server where the audit entry was created was changed. |
diff.start | An XML comparison started. |
diff.stop | An XML comparison ended. |
engine.initial.contact | An engine performed initial contact to the Management Server. |
engine.initial.generate | The initial configuration was generated for an engine. |
engine.upgrade.end | An engine upgrade ended. |
engine.upgrade.start | An engine upgrade started. |
export.start | An export operation started. |
firewall.diagnostic | Diagnostic mode was selected for a Firewall. |
firewall.policy.upload | A policy was uploaded to a Firewall. |
firewall.reset.database | The user database on the firewall was reset. |
gui.lock | The Management Client window was locked due to inactivity. |
gui.unlock | The Management Client was unlocked. |
ha.sync | A Management Server retrieved a database backup in a high-availability environment. |
https.certificate.request | An HTTPS certificate request was created. |
import.start | An import operation started. |
import.stop | An import operation ended. |
incident.attachment.add | An attachment was added to an Incident Case. |
incident.attachment.remove | An attachment was removed from an Incident Case. |
incident.attachment.update | An attachment for an Incident Case was updated. |
incident.player.add | A player was added to an Incident Case. |
incident.player.remove | A player was removed from an Incident Case. |
incident.player.update | A player attached to an Incident Case was updated. |
installserver.log | An initial configuration for an engine was uploaded to the Installation Server or an engine sent logs to the Installation Server in plug-and-play configuration. |
installserver.trace | An engine sent traces to the Installation Server in plug-and-play configuration. |
ips.policy.upload | A policy was uploaded to an IPS engine. |
license.activate | A license file or a license component was activated. |
license.delete | A license component was deleted. |
license.install | A license was installed. |
log.browse | An administrator performed a query in the Logs view. |
log.forward | The current log forwarding rules were saved when saving the Log Server element. |
log.forward.deleted | A log forwarding rule was deleted. |
log.forward.new | A log forwarding rule was added. |
logdatamanager.abort | A scheduled task was aborted in the Log Server. |
logdatamanager.complete | A scheduled task was completed in the Log Server. |
logdatamanager.start | An administrator manually started a task. |
logpruningfilter.apply | A pruning filter was applied to the Log Server. |
logpruningfilter.delete | A pruning filter was deleted from the Log Server. |
logpruningfilter.refresh | After a Log Server reconnected to the Management Server, all pruning filters were retrieved on the Management Server and reapplied. |
logreception.start | The log reception process started. |
logreception.stop | The log reception process ended. |
logserver.certify | The Log Server was certified. |
mgtserver.blacklist | The Management Server added a blacklist entry to a Firewall. |
mgtserver.blacklist.flush | The Management Server removed all blacklist entries from a Firewall. |
mgtserver.certify | The Management Server was certified. |
mgtserver.ha.activation | A Management Server was set to active in a high-availability environment. |
mgtserver.ha.exclusion | A Management Server was excluded or included in database replication in a high-availability environment. |
mgtserver.ha.replication | A Management Server is executing a full database replication in a high-availability environment. |
mgtserver.smc_api.enabled | The SMC API was enabled. |
mgtserver.smc_api.disabled | The SMC API was disabled. |
mgtserver.unblacklist | The Management Server removed a blacklist entry from a Firewall. |
mgtserver.update.activation | A dynamic update package was activated. |
mgtserver.update.download | A dynamic update package was downloaded. |
mgtserver.update.import | A dynamic update package was imported. |
mgtserver.update.update_server_availability | The availability of the update server for dynamic update packages and engine upgrade images changed. |
mgtserver.upgrade.download | An engine upgrade image was downloaded. |
mgtserver.upgrade.import | An engine upgrade image was imported. |
mgtserver.web_start.disabled | Web Start was disabled for the Management Server. |
mgtserver.web_start.enabled | Web Start was enabled for the Management Server. |
object.delete | An object was deleted. |
object.insert | A new object was added. |
object.move | An object was moved to another Domain. |
object.update | An object was updated or saved. |
password.verification | An administrator entered an incorrect password. |
policy.upload.end | A policy upload ended. |
policy.upload.start | A policy upload started. |
report.preview | A Report was previewed. |
report.print | A Report was printed. |
securityengine.policy.upload | A policy was uploaded on an NGFW Engine. |
server.migrate | The data of a server was migrated. |
server.sginfo | An sgInfo package was created. |
server.start | A Log Server was started. |
server.stop | A Log Server was stopped. |
session.terminated | The Management Client session was terminated due to inactivity. |
trash.add | An element was sent to the trash. |
trash.undelete | An element was restored from the trash. |
trusted.certificate.validation.failure | TLS certificate validation failed. |
trusted.connection.end | A TLS connection ended. |
trusted.connection.failure | A TLS connection failed. |
trusted.connection.start | A TLS connection started. |
vpn.certificate.request | A VPN certificate request was created. |
vpn.certificate.sign | A VPN certificate was signed. |
vpn.configuration.export | A VPN Client configuration file was exported. |
vpn.psk.create | A pre-shared key was added in a VPN tunnel. |
vpn.psk.delete | A pre-shared key was removed from a VPN tunnel. |
vpn.psk.modify | A pre-shared key was removed from a VPN tunnel. |
webportal.log.browse | The filtering or the data type in the Web Portal Log Browser was changed. |
webportal.log.pdf | The Log Details were viewed as a PDF from the Web Portal Log Browser. |
webportal.report.pdf | A Report was printed as a PDF from the Web Portal. |
webportal.report.preview | A Report was previewed as HTML from the Web Portal. |