Understanding the event log
The event log tracks all system, network, and user activity. Event categories include:
- External events: Syslog events generated by devices. The administrator can filter which syslog events are logged by using external event filters. See Managing external event filters.
- Device events: Tracks actions performed on devices, and detects configuration discrepancies and compliance violations.
- User events: Tracks user activity such as logons, logoffs, database transactions, job submissions and approvals. Changes to the database performed via web services are logged as user events.
- Job events: Tracks job activity initiated by users, policies, device imports, and web services.
- System events: Tracks changes to the system's operational status, such as startup or a processing error.
- Debug events: Tracks the progress of syslog messages through the system when syslog debug is enabled in a device agent.
Logged events can trigger policy execution. For example, syslog change events trigger the Auto Archive policy to perform a snapshot action, allowing the system to update the archive when changes are made externally.
The system administrator can define when events are purged, for example by keeping 60 days of events.
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*