Viewing Data Loss Prevention Logs
- Go to Agents > Agent Management or Logs > Agents > Security Risks.
- In the agent tree, click the root domain icon () to include all agents or select specific domains or agents.
- Click Logs > Data Loss Prevention Logs or View Logs > DLP Logs.
- Specify the log criteria and then click Display Logs.
- View logs.
Logs contain the following information:
Table 1. Data Loss Prevention Log Information
The date and time that Data Loss Prevention logged the incident
The user name logged on to the endpoint
The name of endpoint where Data Loss Prevention detected the transmission
The domain of the endpoint
The IP address of the endpoint
The rule name(s) that triggered the incidentNote:
Policies created in a previous version of OfficeScan display the default name of LEGACY_DLP_Policy.
The channel through which the transmission occurred
The process that facilitated the transmission of a digital asset (the process depends on the channel)
For details, see Processes by Channel.
The source of the file containing the digital asset, or channel (if no source is available)
The intended destination of the file containing the digital asset, or channel (if no source is available)
The action taken on the transmission
A link which includes additional details about the transmission
For details, see Data Loss Prevention Log Details.
- To save logs to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location.