Site Navigation: Server logs

This article describes how to change log settings, filter logs, and create exports.

Logs (explained)

Logs are a detailed record of user activity, events, actions, and errors in the system.

To see logs, in the Site Navigation pane, select Server Logs.

| Log type | What is logged? |
| --- | --- |
| System logs | System-related information |
| Audit logs | User activity |
| Rule-triggered logs | Rules in which users have specified the Make new <log entry> action. For more information about the <log entry> action, see Actions and stop actions (explained). |

To see logs in a different language, see General tab (options) under Options.

To export logs as comma-separated values (.csv) files, see Export logs.

To change log settings, see Server Logs tab (options).

Filter logs

In each log window, you can apply filters to see log entries from, for example, a specific time span, device, or user.

  1. In the Site Navigation pane, select Server Logs. By default, the System logs tab appears.

    To navigate between log types, select a different tab.

  2. Under the tabs, select a filter group, for example, Category, Source type, or User.

    A list of filters appears.

  3. Select a filter to apply it. Select the filter again to remove it.

    Optional: In a list of filters, select Display applied filters only to see only the filters that you applied.

The contents of your export change depending on the filters that you apply. For information about your export, see Export logs.

Export logs

Exporting logs helps you to, for example, save log entries beyond the log retention period. You can export logs as comma-separated values (.csv) files.

To export a log:

  1. Select Export in the upper-right corner. The Export window appears.

  2. In the Export window, in the Name field, specify a name for the log file.

  3. By default, exported log files are saved in your Log export folder. To specify a different location, select to the right of the Destination field.

  4. Select Export to export the log.

The contents of your export change depending on the filters that you apply. For information about your export, see Filter logs.

Allow 2018 R2 and earlier components to write logs

The 2018 R3 version of the log server introduces authentication for added security. This prevents 2018 R2 and earlier components from writing logs to the new log server.

Affected components:

  • XProtect Smart Client
  • XProtect LPR Plug-in
  • LPR Server
  • Access Control Plug-in
  • Event Server
  • Alarm Plug-in

If you're using the 2018 R2 or earlier version of any of the components listed above, you must decide whether or not to allow the component to write logs to the new log server:

  1. Select Tools > Options.

  2. In the Options dialog box, at the bottom of the Server Logs tab, find the Allow 2018 R2 and earlier components to write logs check box.

    • Select the check box to allow 2018 R2 and earlier components to write logs.
    • Clear the check box to prevent 2018 R2 and earlier components from writing logs.

System logs (properties)

Each row in a log represents a log entry. A log entry contains a number of information fields:

| Name | Description |
| --- | --- |
| Log level | Info, warning, or error. |
| Local time | Timestamped in the local time of your system's server. |
| Message text | The identification number for the logged incident. |
| Category | The type of logged incident. |
| Source type | The type of equipment on which the logged incident occurred, for example, server or device. |
| Source name | The name of the equipment on which the logged incident occurred. |
| Event type | The type of event represented by the logged incident. |

Audit logs (properties)

Each row in a log represents a log entry. A log entry contains a number of information fields:

| Name | Description |
| --- | --- |
| Local time | Timestamped in the local time of your system's server. |
| Message text | Shows a description of the logged incident. |
| Permission | The information about whether the remote user action was allowed (granted) or not. |
| Category | The type of logged incident. |
| Source type | The type of equipment on which the logged incident occurred, for example, server or device. |
| Source name | The name of the equipment on which the logged incident occurred. |
| User | The user name of the remote user causing the logged incident. |
| User location | The IP address or host name of the computer from which the remote user caused the logged incident. |
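The Permission, User, and User location fields above make an exported audit log easy to review for repeated refused actions. The following Python script is an added example, not part of the product or its documentation. It assumes that the exported .csv file uses the field names above as column headers and that allowed actions carry the Permission value Granted; check both against one of your own exports.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export (not real data). Header names mirror the audit log
# fields listed above; the real export's headers, timestamp format and
# Permission wording are assumptions. The leading BOM imitates a Windows export.
SAMPLE_EXPORT = """\ufeffLocal time,Message text,Permission,Category,Source type,Source name,User,User location
2024-05-01 08:00:12,User logged in,Granted,Security,Server,MGMT01,alice,10.0.0.21
2024-05-01 08:03:40,Live view requested,Denied,Security,Device,Camera 4,bob,10.0.0.57
2024-05-01 08:03:55,Live view requested,Denied,Security,Device,Camera 4,bob,10.0.0.57
2024-05-01 08:04:10,Playback requested,Denied,Security,Device,Camera 7,bob,10.0.0.57
2024-05-01 09:15:02,User logged in,Granted,Security,Server,MGMT01,bob,10.0.0.30
2024-05-01 09:20:31,Export requested,Denied,Security,Device,Camera 2,carol,10.0.0.44
"""

REQUIRED = {"Permission", "User", "User location"}


def summarize_denials(csv_text, granted_value="granted", threshold=3):
    """Return (flagged, locations).

    flagged:   {(user, location): count} for pairs with at least `threshold`
               entries whose Permission is anything other than granted_value.
    locations: {user: set of locations the user appeared from}.
    """
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    missing = REQUIRED - set(reader.fieldnames or [])
    if missing:
        # Fail loudly instead of silently treating every row as "not granted".
        raise ValueError(f"export is missing columns: {sorted(missing)}")

    denied = Counter()
    locations = defaultdict(set)
    for row in reader:
        user = (row.get("User") or "").strip() or "(no user)"
        location = (row.get("User location") or "").strip() or "(no location)"
        locations[user].add(location)
        permission = (row.get("Permission") or "").strip().lower()
        if permission != granted_value:
            denied[(user, location)] += 1

    flagged = {pair: n for pair, n in denied.items() if n >= threshold}
    return flagged, dict(locations)


if __name__ == "__main__":
    flagged, locations = summarize_denials(SAMPLE_EXPORT)
    for (user, location), count in sorted(flagged.items()):
        print(f"{user} from {location}: {count} refused actions")
```

Apply the same filters in the log window before exporting if you want the review limited to a time span or a specific user, because the export contains only the filtered entries.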

Rule-triggered logs (properties)

Each row in a log represents a log entry. A log entry contains a number of information fields:

| Name | Description |
| --- | --- |
| Local time | Timestamped in the local time of your system's server. |
| Message text | Shows a description of the logged incident. |
| Category | The type of logged incident. |
| Source type | The type of equipment on which the logged incident occurred, for example, server or device. |
| Source name | The name of the equipment on which the logged incident occurred. |
| Event type | The type of event represented by the logged incident. |
| Rule name | The name of the rule triggering the log entry. |
| Service name | The name of the service on which the logged incident occurred. |