Use the Audit Report
Dimension automatically generates audit log messages for certain events that occur on your instance of Dimension. Events that generate a log message can occur in the database when an administrator changes a setting, or when an administrator selects a page in Dimension. Log messages are always generated for database events and when an administrator changes a setting, but you must enable Dimension to generate a log message when an administrator selects a page. For more information, see Audit Event List.
On the Audit Report page, users with Super Administrator privileges can view the Dimension Audit Report to see all the audit log messages generated by your instance of Dimension. You can specify the date and time range to include in the report, filter the audit log messages by event type, and export the log messages as a .CSV file. By default, the Audit Report shows log messages for all audit events generated on the current day.
For each log message in the Audit Report, these details appear:
- Date-Time — The date and time that the log message was generated
- User — The user name of the user account that generated the event
- IP Address — The IP address of the user account that generated the event
- Type — The type of administrator session that generated the event
- Event — The event that generated the log message
To view the Audit Report:
- Select > Administration > Administration > System Settings.
The System Settings pages appear with the Status tab selected.
- Select the Audit tab.
The Audit Report page appears with the current date selected and the log messages generated for the current date.
- To see log messages for a specific date range, in the Start and End text boxes, type the dates to include in the Audit Report.
Or, click and select the start and end dates.
- To only see log messages for a specific event type, from the Filter drop-down list, select an option:
- Device, Servers, and Groups
- VPN Configuration
- Server Configuration
- Users and Authentication
- System Configuration and Actions
- Administrative Sessions
- Dimension Instances
- All Audit Events
The Audit Report is updated to show the log messages for the date range and filter you specified.
Export the Audit Report
You can export the information you selected to see in the Audit Report to a .CSV file that you can view in a third-party tool. The default file name for the .CSV file is Audit_Report_[start-date_start_time]_to_[end-date_end-time].csv. You can change the file name when you export the file.
- From the Actions drop-down list, select Export logs (.csv).
The Save As dialog box appears.
- (Optional) To change the file name, type a file name for the report.
- Click Save.
Events that generate an audit log message can occur in the Dimension database, when an administrator changes a setting, and when an administrator selects a page. This section includes the events that generate an audit log message for each of these areas.
- The Dimension instance is registered or unregistered
- A device is added, deleted, or edited
- The device IP address, name, model, time zone, or version is changed
- Home Page
- Add or remove a device
- Edit the latitude or longitude for the device
- Enable or disable the logging setting for a device
- Regenerate a device password (download the .WGD file for a Firebox)
- Add, remove, or edit a device group (the information that changed is not included, only that a change occurred)
- Add or remove a VPN
- Add or remove a spoke to or from a VPN
- Edit the hub settings (the settings that changed are included in the log messages)
- Edit the spoke settings (the settings that changed are included in the log messages)
- Remove a server
- Managed Tasks
- Add, remove, or edit managed tasks (scheduled reports, backup, and restore)
- Cancel scheduled tasks
- Server Management
- Start, stop, or restart the server
- Retrieve or update the feature keys for Fireboxes that run Fireware OS v11.10 or lower
- Configuration changes (the settings that changed are included in the log messages)
- Enable or disable dynamic IP address resolution
- Add, edit, or delete static IP addresses in the IP Address Map
- Purge diagnostic log messages
- Create or restore a database backup file
- Change the database location settings (the settings that changed are included in the log messages)
- User Management
- Add, remove, or edit users
- Generate a log message if the passphrase for a user is changed
- Change Active Directory settings
- Change RADIUS Server settings
- Add, remove, or edit users
- System Settings
- Generate, import, export, restore, or regenerate a certificate
- Reboot, upgrade, restore, or shut down the Dimension VM
- Log out administrative users
- Changes to the configuration
- Send feedback to WatchGuard
- Changes to the remote backup settings (the settings that changed are included in the log messages)
- Updates to the system package
- Flush or purge of the email queue
- Administrator User Sessions
- Log in events
- Log out events
- Log on session expiration
- Log on account lockout
- Device Actions
- Generate log messages for actions from the Device Summary page: reboot and revert to an earlier configuration file revision
Log messages can also be generated when an administrator selects a page in Dimension. You must enable this feature in the Dimension Server Management settings. When this feature is enabled, Dimension generates a session audit log message each time an administrator selects a new page in Dimension.
For more information about how to enable this feature, see Configure the Visibility Settings.