TMWS keeps comprehensive logs about threat detections and security-related events. Use these logs to assess your organization's protection policies and to identify resources at a higher risk of infection or attack.
TMWS saves logs for 180 days.
Administrators can query logs for as long as 31 days from the past 180 days.
  • Wildcard characters are not supported in log query.
  • The time displayed in each log entry is subject to the time zone of your organization as registered on the Customer Licensing Portal page. To change the time zone, go to the Customer Licensing Portal at
  • After you have integrated with Trend Micro Apex Central, TMWS synchronizes cloud proxy logs to Apex Central. On-premises gateway logs are not synchronized to Apex Central even when you have turned on On-Premises Gateway Log Upload.


  1. Go to Logs & ReportsLOG ANALYSIS.
  2. Turn log consolidation on or off.
    Log consolidation combines content types associated with web access logs (such as Javascript and CSS) into a single log event and then filters them, thus reducing the volume of logs and allowing you to focus on actual web access logs.
  3. Turn on or off on-premises gateway log upload.
    This option controls whether the TMWS on-premises gateways deployed in your organization send logs generated on them to the TMWS cloud. When this option is turned off, logs on the on-premises gateways will not display and cannot be queried on the TMWS management console.
    By default, this option is set to On.
  4. Click a log type to view.
    TMWS provides the following three type of logs:
    • Policy Enforcement
    • Internet Access
    • Virtual Analyzer