Audit Log data
The following table details the system audit information that is collected and displayed in the Audit Log in table format:
| Column | Description |
|---|---|
| Date |
Date and time of the change, adjusted for time zones. To ensure consistent data in the Audit Log, ensure that all machines running Forcepoint components have their date and time settings synchronized. |
| User | Username of the administrator who made the change. |
| Server | IP address of the appliance affected by the change. |
| Client | IP address of the administrator machine that made the change. |
| Role | Administrator role (Super Administrator, Auditor, Quarantine Administrator, Reporting Administrator, Security Administrator, Policy Administrator, CLI Administrator, or Group Reporting Administrator). |
| Type | The location of the change in the module interface (for example, if you enter a new subscription key, this column displays General | Subscription). |
| Element | Identifier for the specific dynamic object changed, if any. |
| Action | Type of change made (for example, add, delete, update, import, export, move, auth, sync, reset, save, deliver, reprocess, or not spam). |
| Action Detail |
A link that opens a Details message box with information about the change made. Starting in version 8.5.4, Action Detail includes information about specific changes between updates to the global Always Block and Always Permit lists. |