Viewing Data Loss Prevention Logs

  1. Go to Agents > Agent Management or Logs > Agents > Security Risks.
  2. In the agent tree, click the root domain icon () to include all agents or select specific domains or agents.
  3. Click Logs > Data Loss Prevention Logs or View Logs > DLP Logs.
  4. Specify the log criteria and then click Display Logs.
  5. View logs.

    Logs contain the following information:

    Table 1. Data Loss Prevention Log Information




    The date and time that Data Loss Prevention logged the incident

    User Name

    The user name logged on to the endpoint


    The name of endpoint where Data Loss Prevention detected the transmission


    The domain of the endpoint

    IP Address

    The IP address of the endpoint

    Rule Name

    The rule name(s) that triggered the incident


    Policies created in a previous version of OfficeScan display the default name of LEGACY_DLP_Policy.


    The channel through which the transmission occurred


    The process that facilitated the transmission of a digital asset (the process depends on the channel)

    For details, see Processes by Channel.


    The source of the file containing the digital asset, or channel (if no source is available)


    The intended destination of the file containing the digital asset, or channel (if no source is available)


    The action taken on the transmission

    File/Data Size

    The size of the detected object


    A link which includes additional details about the transmission

    For details, see Data Loss Prevention Log Details.

  6. To save logs to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location.