Working with Log Explorer

Every endpoint protected by Ivanti Device and Application Control generates activity logs for administrator and user-defined client actions.

Log Explorer activity logs that record device connection attempts and denials. In addition, all tasks performed in the Management Console generate audit logs showing actions carried out by administrators, such as changing user access rights and device permissions. The information in these logs is sent to the database and can be viewed through the Log Explorer module of the Management Console.

If you have appropriate administrative privileges, you can use the Log Explorer module to view logs of user input/output (I/O) device activities including:

  • Unsuccessful attempts to access I/O devices from client computers.
  • Records showing when devices are connected from a client computer.
  • Client errors.
  • Files copied by a user to a device connected to a client computer.
  • Files read from a device connected to a client computer.

With the Log Explorer module you can also:

  • Sort, add criteria, define columns, create templates, and organize information.
  • Monitor the activities of administrators using audit log information.
  • Save the results of querying log entries.
  • Generate on-demand or automatic reports containing details of user input or output (I/O) device actions or administrator actions.
  • Generate custom reports using templates.
  • The Log Explorer Window
    The Log Explorer window is the primary mode for administrator interaction with Log Explorer module functions.
  • Navigation Control Bar
    You can use the navigation control bar to select a template or navigate and control your results.
  • Column Headers
    The column headers display the title of the columns.
  • Criteria/Properties Panel
    The Criteria/Properties panel displays the criteria used in the template and the log entry information that corresponds to rows shown in the Results panel.
  • Results Panel/Custom Report Contents
    The Results panel is the area of the Log Explorer window which displays and categorizes the template query results.
  • Log Explorer Templates
    The operation of the Log Explorer module is based on templates that allow you to generate custom reports containing results that match specific criteria.
  • Select and Edit Templates Dialog
    The Select and edit templates dialog is used to select, add, edit, import, export, schedule, and run templates.
  • Template Settings Dialog
    The Template settings dialog is used to define the settings used for a new template, or a template selected from the Select and edit templates dialog:
  • Upload Latest Log Files
    You may need to view the most current log information to help you quickly troubleshoot problems or verify that permissions or authorizations are set correctly.
  • View Shadow Files
    To view shadow files, you can use predefined templates. When a predefined template does not contain the type of data that you want to review, you can create your own template query to view shadow files.
  • Forcing the Upload of Shadow Files from a Client Upon User Log Off
    Use scomc.exe with the fetch, dismount, and maxround options in your client log off scripts to force the upload of shadow files to the server.
  • Windows Event Log Entries Created by Device Control
    Learn about the entries created in the Windows Event logs by Device Control actions.

Related Information: