System Events
The System Event log is a record of system-related events (as opposed to security-related events).
Once collected by the Vulnerability Protection/Deep Security Manager, Event logs are kept for a period of time which can be set in Administration > System Settings > Storage. The default setting is one week.
From the main page you can:
- View the details (properties) of a system event
- Search for a particular system event
- Export currently displayed system events to a CSV file
- View existing Auto-Tagging Rules.
Additionally, right-clicking an Event gives you the option to:
- Add Tag(s): Add an Event Tag to this event (See Event Tagging.)
- Remove Tag(s): Remove existing Event Tags
View
Selecting an event and clicking View displays the Event Viewer Properties window.
General
General Information
- Time: The time according to the system clock on the computer hosting the Vulnerability Protection/Deep Security Manager.
- Level: The severity level of the event that occurred. Event levels include Info, Warning, and Error.
- Event ID: The event type's unique identifier.
- Event: The name of the event (associated with the event ID.)
- Tag(s): Any tags attached to the Event.
- Event Origin: The Vulnerability Protection/Deep Security component from which the event originated.
- Target: The system object associated with the event will be identified here. Clicking the object's identification will display the object's properties sheet.
- Action Performed By: If the event was initiated by a User, that User's username will be displayed here. Clicking the username will display the User Properties window.
- Manager: The hostname of the Vulnerability Protection/Deep Security Manager computer.
Description
If appropriate, the specific details of what action was performed to trigger this entry in the system event log will be displayed here.
Tags
The Tags tab displays tags that have been attached to this Event. For more information on Event tagging, see Policies > Common Objects > Other > Tags, and More About Event Tagging in the Reference section.
Filter the List and/or Search for an Event
The Period toolbar lets you filter the list to display only those events that occurred within a specific timeframe.
The Computers toolbar lets you organize the display of event log entries by computer groups or computer Policies.
Clicking Advanced Search toggles the display of the search bar.
Pressing the "Add Search Bar" button (+) to the right of the search bar will display an additional search bar so you can apply multiple parameters to your search. When you are ready, press the "Submit Request" button (at the right of the toolbars with the right-arrow on it).
Advanced Search functions (searches are not case sensitive):
- Contains: The entry in the selected column contains the search string
- Does Not Contain: The entry in the selected column does not contain the search string
- Equals: The entry in the selected column exactly matches the search string
- Does Not Equal: The entry in the selected column does not exactly match the search string
- In: The entry in the selected column exactly matches one of the comma-separated search string entries
- Not In: The entry in the selected column does not exactly match any of the comma-separated search string entries
Export
You can export displayed events to a CSV file. (Paging is ignored; all pages will be exported.) You have the option of exporting the displayed list or the selected items.
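The Advanced Search operators listed above can also be reproduced offline against an exported CSV. The following is an added example, not part of the product or its documentation: the column names, the sample rows, and the choice to combine multiple criteria with AND are assumptions made for illustration.

```python
import csv
import io

# Constructed sample export. Column names are assumed from the fields shown
# in the Event Viewer Properties window; event IDs and names are placeholders.
SAMPLE_CSV = """Time,Level,Event ID,Event,Target,Action Performed By
2024-05-01 09:12:03,Info,1001,Sample User Signed In,,jsmith
2024-05-01 09:14:47,Error,1002,Sample Sign-In Failed,,JSMITH
2024-05-01 09:20:10,Warning,1003,Sample Policy Updated,web-01,admin
2024-05-01 09:31:55,Error,1004,Sample Agent Offline,db-02,System
2024-05-01 09:40:00,Info,1005,Sample Policy Updated,db-02,jsmith
"""

def norm(value):
    # Searches are not case sensitive; trimming whitespace is an assumption.
    return value.strip().casefold()

def split_list(term):
    # "In" / "Not In" take comma-separated search string entries.
    return {norm(part) for part in term.split(",")}

OPERATORS = {
    "Contains": lambda cell, term: norm(term) in norm(cell),
    "Does Not Contain": lambda cell, term: norm(term) not in norm(cell),
    "Equals": lambda cell, term: norm(cell) == norm(term),
    "Does Not Equal": lambda cell, term: norm(cell) != norm(term),
    "In": lambda cell, term: norm(cell) in split_list(term),
    "Not In": lambda cell, term: norm(cell) not in split_list(term),
}

def load_events(text):
    """Parse exported CSV text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))

def search(rows, criteria):
    """Return rows matching every (column, operator, search string) criterion.

    Each criterion mirrors one search bar; AND-combining them is an assumption.
    """
    return [
        row for row in rows
        if all(OPERATORS[op](row.get(col, ""), term) for col, op, term in criteria)
    ]

if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    hits = search(events, [("Level", "In", "warning, error"),
                           ("Action Performed By", "Does Not Equal", "system")])
    for row in hits:
        print(row["Time"], row["Level"], row["Event ID"], row["Event"])
```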
Auto-Tagging
Clicking Auto-Tagging... displays a list of existing System Event Auto-Tagging Rules.