The Forcepoint DLP system log

Use the Main > Logs > System Log page in the Data Security module of the Security Manager to see system actions sent from different Forcepoint components, such as Forcepoint DLP servers, protectors, gateways, and policy engines. Examine the details of each action, including the date and time it occurred and the component that reported the action.

By default, the displayed actions are sorted by date and time. If a filter is used, the number of displayed actions is shown at the top of the list.

System log records are kept for 60 days.

To send System log data to the syslog server, select the Send syslog message check box.
Note: To use this feature, the syslog server details must be configured.

To configure Syslog Settings, navigate to Settings > General > Remediation. For more details, see the Remediation section.

Column: Description

Type: Defines whether the action is an error, or is reported for informational purposes.

Status: Displays either New or Confirmed. Once you view a new action, you can mark it as confirmed to show you’ve reviewed it.

To mark a new action as confirmed, select the action and click Mark as Confirmed. To revert a confirmed action to new, select the event and click Mark as New.

Message: This column may contain variables that are filled by the system, for example a full folder path or a component name. If there are multiple identical messages in a short time interval, a combined message is displayed. The Forcepoint Security Manager formats the messages so that the total number is displayed in brackets at the end of the message, for example “New component registered: XXX (2 messages in 5 sec.).”

Date & Time: Date and time the action occurred.

Local Date & Time: Date and time on the component where the action occurred.

Topic:
  • System - Displays system messages reported by system components
  • Configuration - Displays messages reported by the system after a configuration action is executed (usually by an administrator)

Reporter: Displays the system module’s name, for example Forcepoint DLP Server - USA.

Component: Displays the internal component name, for example Policy Engine or Endpoint Server.
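Because the Message column collapses identical messages into one row with a bracketed total, anything that counts rows will undercount bursts. The following is an added example, not Forcepoint code: it assumes Message text copied or forwarded from the System log keeps the suffix in the exact shape of the example above, and the function names and sample rows are constructed for illustration.

```python
import re
from collections import Counter

# Suffix shape taken from the one example on this page:
#   "New component registered: XXX (2 messages in 5 sec.)"
# Only this shape is recognised; anything else counts as a single message.
_COMBINED = re.compile(
    r"^(?P<text>.*\S)\s*"
    r"\((?P<count>\d+) messages in (?P<secs>\d+) sec\.\)\.?\s*$"
)


def split_combined(message):
    """Return (base_text, count, interval_seconds) for a Message value.

    Rows without the combined suffix return count 1 and interval None.
    """
    m = _COMBINED.match(message)
    if not m:
        return message.strip(), 1, None
    return m.group("text"), int(m.group("count")), int(m.group("secs"))


def tally(messages):
    """Count real occurrences per base text, expanding combined rows."""
    totals = Counter()
    for msg in messages:
        text, count, _ = split_combined(msg)
        totals[text] += count
    return totals


# Constructed sample rows; only the bracketed suffix follows the page.
SAMPLE = [
    "New component registered: XXX (2 messages in 5 sec.)",
    "New component registered: XXX",
    "Example failure on component YYY (retry 3) (4 messages in 10 sec.)",
    "Example failure on component YYY (retry 3)",
]

if __name__ == "__main__":
    for text, n in tally(SAMPLE).most_common():
        print(f"{n:>3}  {text}")
```

Other parentheses inside a message, such as the constructed "(retry 3)", are left in the base text because only the final suffix in the documented shape is stripped.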