The endpoint system logs include the system user change log, system group change log, system log, system state change log, and user login/logout log.
The system user change log records system user name changes.
To view system user change logs:
From the left navigation pane, select Policies > Behavior Policies > Logs > Endpoint System Logs.
Click the System User Change Logs tab.
The page that opens displays the system user change logs.
To filter the system user change logs, specify the filtering criteria. You can export the displayed logs on the page.
Account Name: Endpoint access account. This column is available after the EIA component is installed.
System Login Name: Account for logging in to the endpoint OS. This column is available when the EIA component is not installed.
Asset Number: Asset number assigned to the endpoint in asset registration.
Asset Name: Asset name reported to IMC after asset registration. The asset name of a PC is its name.
MAC Address: Endpoint MAC address saved in Desktop Asset Manager.
Terminal IP Address: Endpoint IP address saved in Desktop Asset Manager.
Change Type: Type of the user name change.
Timestamp: Timestamp in the YYYY-MM-DD hh:mm:ss format. The timestamp is the server time.
Full Name of Old User: User name before modification.
Full Name of Current User: User name after modification.
The system group change log records system group changes on endpoint OSs.
To view system group change logs:
From the left navigation pane, select Policies > Behavior Policies > Logs > Endpoint System Logs.
Click the System Group Change Logs tab.
The page that opens displays the system group change logs.
To filter the system group change logs, specify the filtering criteria. You can export the displayed logs on the page.
Account Name: Endpoint access account. This column is available after the EIA component is installed.
System Login Name: Account for logging in to the endpoint OS. This column is available when the EIA component is not installed.
Asset Number: Asset number assigned to the endpoint in asset registration.
Asset Name: Asset name reported to IMC after asset registration. The asset name of a PC is its name.
MAC Address: Endpoint MAC address saved in Desktop Asset Manager.
Terminal IP Address: Endpoint IP address saved in Desktop Asset Manager.
Change Type: Type of the system group change.
Timestamp: Timestamp in the YYYY-MM-DD hh:mm:ss format. The timestamp is the server time.
The system log records the system logs generated by endpoint OSs.
To view system logs:
From the left navigation pane, select Policies > Behavior Policies > Logs > Endpoint System Logs.
Click the System Logs tab.
The page that opens displays the system logs.
To filter the system logs, specify the filtering criteria. You can export the displayed logs on the page.
Account Name: Endpoint access account. This column is available after the EIA component is installed.
System Login Name: Account for logging in to the endpoint OS. This column is available when the EIA component is not installed.
Asset Number: Asset number assigned to the endpoint in asset registration.
Asset Name: Asset name reported to IMC after asset registration. The asset name of a PC is its name.
MAC Address: Endpoint MAC address saved in Desktop Asset Manager.
Terminal IP Address: Endpoint IP address saved in Desktop Asset Manager.
Level: Level of the log message.
Timestamp: Timestamp in the YYYY-MM-DD hh:mm:ss format. The timestamp is the server time.
The system state change log records endpoint OS state changes, such as shutdown, boot, unexpected shutdown, hibernation, and wakeup.
To view system state change logs:
From the left navigation pane, select Policies > Behavior Policies > Logs > Endpoint System Logs.
Click the System State Change Logs tab.
The page that opens displays the system state change logs.
To filter the system state change logs, specify the filtering criteria. You can export the displayed logs on the page.
Account Name: Endpoint access account. This column is available after the EIA component is installed.
System Login Name: Account for logging in to the endpoint OS. This column is available when the EIA component is not installed.
Asset Number: Asset number assigned to the endpoint in asset registration.
Asset Name: Asset name reported to IMC after asset registration. The asset name of a PC is its name.
MAC Address: Endpoint MAC address saved in Desktop Asset Manager.
Terminal IP Address: Endpoint IP address saved in Desktop Asset Manager.
Event: Event type.
Timestamp: Timestamp in the YYYY-MM-DD hh:mm:ss format. The timestamp is the server time.
The user login/logout log records user logins and logouts, and domain logins and logouts.
To view user login/logout logs:
From the left navigation pane, select Policies > Behavior Policies > Logs > Endpoint System Logs.
Click the User Login/Logout Logs tab.
The page that opens displays the user login/logout logs.
To filter the user login/logout logs, specify the filtering criteria. You can export the displayed logs on the page.
Account Name: Account name of the terminal. This column is displayed after the EIA component is installed.
OS Login Name: Login name of the terminal’s operating system. This column is displayed when the EIA component is not installed.
Asset Number: Asset number assigned to the terminal during registration.
Asset Name: Asset name reported after the terminal is registered. This column displays PC name for a PC.
MAC Address: MAC address of the terminal.
Terminal IP Address: IPv4 address of the terminal.
Event Type: Options include Login Success, Login Failure, and Logout.
Login Type: Options include interactive login, network, batch, service, unlock, network cleartext, new credentials, remote interaction, and cached interaction.
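The following is an added example, not part of the product documentation: a triage script for an exported user login/logout log that reports repeated Login Failure events per user and terminal, and successful logins of the network cleartext type. The CSV layout of the export, the sample rows, the failure threshold, and the choice of which login type to surface are assumptions; only the column names and option values come from the lists above.

```python
import csv
import io
from collections import Counter

# Constructed sample export. The CSV layout is an assumption; the column
# names and the Event Type / Login Type values are the ones listed above.
SAMPLE_EXPORT = """Account Name,Asset Number,Asset Name,MAC Address,Terminal IP Address,Event Type,Login Type
alice,A-0001,PC-ALICE,00:11:22:33:44:55,192.0.2.10,Login Success,interactive login
bob,A-0002,PC-BOB,00:11:22:33:44:66,192.0.2.11,Login Failure,network
bob,A-0002,PC-BOB,00:11:22:33:44:66,192.0.2.11,Login Failure,network
bob,A-0002,PC-BOB,00:11:22:33:44:66,192.0.2.11,Login Failure,network
bob,A-0002,PC-BOB,00:11:22:33:44:66,192.0.2.11,Login Success,network
carol,A-0003,PC-CAROL,00:11:22:33:44:77,192.0.2.12,Login Success,Network Cleartext
carol,A-0003,PC-CAROL,00:11:22:33:44:77,192.0.2.12,Logout,interactive login
"""

FAILURE_THRESHOLD = 3                       # hypothetical tuning value
REVIEW_LOGIN_TYPES = {"network cleartext"}  # surfaced for review in this example


def user_column(fieldnames):
    """Return the user column: it differs with and without the EIA component."""
    for name in ("Account Name", "OS Login Name"):
        if name in fieldnames:
            return name
    raise ValueError("export has neither 'Account Name' nor 'OS Login Name'")


def triage(export_text, threshold=FAILURE_THRESHOLD):
    """Return sorted (finding, user, terminal_ip, count) tuples for review."""
    reader = csv.DictReader(io.StringIO(export_text))
    user_col = user_column(reader.fieldnames or [])
    failures, flagged = Counter(), Counter()
    for row in reader:
        key = (row[user_col].strip(), row["Terminal IP Address"].strip())
        event = row["Event Type"].strip().lower()
        login_type = row["Login Type"].strip().lower()
        if event == "login failure":
            failures[key] += 1
        elif event == "login success" and login_type in REVIEW_LOGIN_TYPES:
            flagged[key] += 1
    findings = [("repeated-failures", *k, n) for k, n in failures.items() if n >= threshold]
    findings += [("cleartext-login", *k, n) for k, n in flagged.items()]
    return sorted(findings)


if __name__ == "__main__":
    for finding in triage(SAMPLE_EXPORT):
        print(finding)
```

Counting is independent of row order, so the result does not depend on how the export is sorted.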