Hitachi

Job Management Partner 1 Version 10 Job Management Partner 1/IT Desktop Management 2 Overview and System Design Guide


2.10 Managing operation logs

You can collect operation logs from a target computer if you set collection of operation logs in a security policy and assign the security policy to the target computer.

To collect operation logs, an agent must be installed on the target computer. Also, to save the collected operation logs on the management server, Setup must be configured on the management server so that operation logs can be collected.

You can change the types of operation logs to be collected in the security policy settings. You can also change the setting of whether to detect suspicious operations in the security policy settings.

The following table shows the categories of suspicious operations and how to confirm them.

| Category | Operations selected as suspicious in the security policy | Confirmation method: Security module > Operation Logs > Operation Log List view | Confirmation method: Events module > Events > Event List | Confirmation method: Suspicious Operations panel |
|---|---|---|---|---|
| Suspicious file operations | Send/Receive E-mail with Attachments | Suspicious column: An icon is displayed. Operation Type (Detail) column: Send Mail (Attachment File) is displayed. | In the Type column, Suspicious is displayed. | Send E-mail with Attachments is displayed. |
| Suspicious file operations | Use Web/FTP Server | Suspicious column: An icon is displayed. Operation Type (Detail) column: Web Access (Upload) or Web Access (Download) is displayed. | In the Type column, Suspicious is displayed. | Use Web/FTP Server is displayed. |
| Suspicious file operations | Copy/Move the File to External Device | Suspicious column: An icon is displayed. Operation Type (Detail) column: Copy file or Move file is displayed. | In the Type column, Suspicious is displayed. | Copy/Move the File to External Device is displayed. |
| Suspicious print operation | Large Number of Printing Jobs | -- | In the Type column, Suspicious is displayed. | -- |

Legend: --: Not displayed.

If conditions for suspicious file movement operations are set in the security policy, you can track the history of such operations using the operation logs.

For details about suspicious file movements, see 2.10.3 Investigating suspicious movements of files from systems using operation logs. For details about suspicious print operations, see 2.10.5 Collecting logs for suspicious print operations.

Tip

Collecting all types of operation logs might consume a large amount of disk capacity. You can reduce consumption of disk capacity by collecting only the operation logs directly related to information leakage, or by specifying the target operations.
