The log audit feature of Secure Access Service Edge (SASE) provides detailed event audit logs. You can use the audit logs for subsequent event tracing and compliance inquiries. This topic describes how to view audit logs for private access, administrator operation logs, audit logs for Internet behavior management, logs for over-quota registration applications, uninstallation application logs, acceleration logs, access logs, and antivirus logs.
Audit for private access
Regular logs
After you configure and enable a private access policy, the system allows or blocks access based on the configured policy when the system identifies an event that matches the policy. The system also records the operation in regular logs on the Private Access Audit tab for reference.
View log details: Find the log that you want to view and click Details in the Actions column. You can view the hit policy, basic information, access information, and terminal status.
View the devices, authorized applications, and O&M exceptions of a user: Click the username to view the following information.
Section | Description | Supported operation |
Data statistics | This section displays the following information to help you understand the overall access behavior of a user:
| View detailed information: When you click the value of a parameter, the detailed information is displayed in the lower-part list. |
Detailed information | This section displays the Devices, Authorized Applications, and O&M Exceptions tabs. | View the risk description: Click Details in the Actions column to view the risk description. |
Web application access logs
SASE enhances web application security by using security validation and access tracing. Security validation checks Host headers in HTTP requests to prevent attackers from bypassing security measures. Access tracing involves tracking access to applications by adding information such as usernames to HTTP request headers.
You can choose to view the access logs that trigger access hardening. For more information, see Add an office application to SASE.
Terminal management
On the Terminal Management tab, you can view the following information about the use of the SASE client: Logon and Logoff Logs, Online/Offline Logs, Over-quota Registration Application Logs, Uninstallation Application Logs, and Terminal Logs.
You can download logs on the Terminal Management tab.
For more information about terminals, see Configure and review registration information about terminals.
Sensitive file detection
On the Sensitive File Detection tab, you can query the logs of sensitive files transferred outbound by users. For more information about sensitive file detection, see Monitor outbound file transfers to ensure data security.
To view the details of detected sensitive files, click Details. You can view the file information, key information, sensitive message, hit policy, office terminal, and outbound transfer channel.
Software management
On the Software Management tab, you can view the applications submitted by users for software usage and the violations related to unauthorized software detected by the SASE client. For more information, see Manage software.
Administrator operation logs
On the Administrator Operation Logs tab, you can view the details of operations that the administrator performs on the system. The details include Operation Time, Account ID, Operation Source, Operation Feature, Operation Page, and Operation Type.
