2.10 Managing operation logs
You can collect operation logs from a target computer if you set collection of operation logs in a security policy and assign the security policy to the target computer.
To collect operation logs, an agent must be installed on the target computer. Also, to save the collected operation logs on the management server, Setup must be configured on the management server so that operation logs can be collected.
You can change the types of operation logs to be collected in the security policy settings. You can also change the setting of whether to detect suspicious operations in the security policy settings.
The following table shows the categories of suspicious operations and how to confirm them. The three rightmost columns are the confirmation methods.

Category | Operations selected as suspicious in the security policy | Security module > Operation Logs > Operation Log List view | Events module > Events > Event List | Suspicious Operations panel
---|---|---|---|---
Suspicious file operations | Send/Receive E-mail with Attachments | | In the Type column, Suspicious is displayed. | Send E-mail with Attachments is displayed.
 | Use Web/FTP Server | | In the Type column, Suspicious is displayed. | Use Web/FTP Server is displayed.
 | Copy/Move the File to External Device | | In the Type column, Suspicious is displayed. | Copy/Move the File to External Device is displayed.
Suspicious print operation | Large Number of Printing Jobs | -- | In the Type column, Suspicious is displayed. | --

Legend: --: Not displayed.
If conditions for suspicious file movement operations are set in the security policy, you can track the history of such operations using the operation logs.
For details about suspicious file movements, see 2.10.3 Investigating suspicious movements of files from systems using operation logs. For details about suspicious print operation, see 2.10.5 Collecting logs for suspicious print operations.
Tip: Collecting all types of operation logs might consume a large amount of disk capacity. You can reduce disk consumption by collecting only the operation logs directly related to information leakage, or by specifying the target operations.