The Forcepoint DLP system log
Use the
page in the Data Security module of the Security Manager to see system actions sent from different Forcepoint components, such as Forcepoint DLP servers, protectors, gateways, and policy engines. Examine the details of each action, including the date and time it occurred and the component that reported the action. By default, the displayed actions are sorted by date and time. If a filter is used, the number of displayed actions is shown at the top of the list.
System log records are kept for 60 days.
To send System log data to the syslog server, enable the check box Send syslog message.
Note: To use this feature, the syslog server details must be configured.
To configure Syslog Settings, navigate to
. For more details, see the Remediation section.

Column | Description |
---|---|
Type | Defines whether the action is an error, or is reported for informational purposes. |
Status | Displays either New or Confirmed. Once you view a new action, you can mark it as confirmed to show you’ve reviewed it. To mark a new action as confirmed, select the action and click Mark as Confirmed. To revert a confirmed action to new, select the event and click Mark as New. |
Message | This column may contain variables that are filled by the system, for example a full folder path or a component name. If there are multiple identical messages in a short time interval, a combined message is displayed. The Forcepoint Security Manager formats the messages so that the total number is displayed in brackets at the end of the message, for example “New component registered: XXX (2 messages in 5 sec.).” |
Date & Time | Date and time the action occurred. |
Local Date & Time | Date and time on the component where the action occurred. |
Topic | |
Reporter | Displays the system module’s name, for example Forcepoint DLP Server - USA. |
Component | Displays the internal component name, for example Policy Engine or Endpoint Server. |
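
Because a combined message stands for several actions, counting rows undercounts events. The following is an added example, not Forcepoint code: it parses the bracketed suffix shown in the Message row above and totals the real event count per message. The function names and sample rows are constructed for illustration, and it assumes the text being parsed carries the suffix exactly as in the page's example.

```python
import re
from collections import Counter

# Suffix format taken from the page's example:
#   "New component registered: XXX (2 messages in 5 sec.)"
# Only this documented form is recognized; anything else counts as one event.
COMBINED_SUFFIX = re.compile(
    r"^(?P<text>.*?)\s*\((?P<count>\d+) messages in (?P<secs>\d+) sec\.\)\.?\s*$"
)

def parse_message(message):
    """Return (base_text, event_count, interval_seconds or None)."""
    m = COMBINED_SUFFIX.match(message)
    if not m:
        return message.strip(), 1, None
    return m.group("text"), int(m.group("count")), int(m.group("secs"))

def event_totals(messages):
    """Sum real event counts per base message text."""
    totals = Counter()
    for msg in messages:
        text, count, _ = parse_message(msg)
        totals[text] += count
    return totals

def bursts(messages, min_per_sec=1.0):
    """Return combined messages whose rate meets min_per_sec, for triage."""
    out = []
    for msg in messages:
        text, count, secs = parse_message(msg)
        if secs and count / secs >= min_per_sec:  # secs == 0 is skipped
            out.append((text, count, secs))
    return out

# Constructed sample rows (Message column text), not real product output.
SAMPLE = [
    "New component registered: XXX (2 messages in 5 sec.)",
    "New component registered: XXX",
    "Constructed error text: YYY (12 messages in 4 sec.)",
    "Constructed note (see details)",
]

if __name__ == "__main__":
    for text, n in event_totals(SAMPLE).items():
        print(f"{n:>3}  {text}")
    print(bursts(SAMPLE))
```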