dctrllog
Clients log unauthorized device access instances and send the logs to the server. A client that runs continuously aggregates the logs and sends them after a 24-hour time period. A client that got restarted checks the last time the logs were sent to the server. If the elapsed time exceeds 24 hours, the client sends the logs immediately.
To keep the size of logs from occupying too much space on the hard disk, manually delete logs or configure a log deletion schedule. For more information about managing logs, see Managing Logs.
To view Device Control logs:
Logs > Networked Computer Logs > Security Risks
Networked Computers > Client Management
In the client tree, click the root domain icon 
to include all clients or select specific domains or clients.
Click Logs > Device Control Logs or View Logs > Device Control Logs.
Specify the log criteria and then click Display Logs.
View logs. Logs contain the following information:
Date/Time unauthorized access was detected
Computer where external device is connected or where network resource is mapped
Computer domain where external device is connected or where network resource is mapped
Device type or network resource accessed
Target, which is the item on the device or network resource that was accessed
Accessed by, which specifies where access was initiated
Permissions set for the target
To save logs to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location.
See also: