Activity Logs

Applies To: WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

On the Users > Activity page, you can see log information for user sessions and actions, as well as system events. For information on log details, see Log Details.

To see activity logs:

  1. From the top navigation bar, select Settings.
  2. From the left pane, select Users.
    The Activity page opens.
  3. Select the type of activity you want to see the logs for (Sessions, User Actions, or System Events).

Screen shot of WatchGuard Endpoint Security, Users Activity page

  1. To filter the subset of activities, select Filters.

Screen shot of WatchGuard Endpoint Security, Users activity log filter

  1. In the From and To text boxes, specify the date range you want to see activity logs for.
  2. Click Filter.

Export Activity Logs

You can export activity logs to a comma-separated value (CSV) file that you can use in other applications.

To export activity logs:

  1. From the top navigation bar, select Settings.
  2. From the left pane, select Users.
    The Activity page opens.
  3. Select the type of activity you want to export (Sessions, User Actions, or System Events).
  4. To export the results, click in the upper-right corner of the window.
    The browser automatically downloads a CSV file of the results.

Log Details

On the Users > Activity page, these columns are available for different types of activities.

Sessions

The Sessions tab displays information on access to the web UI such as when the user logs in and logs out.

Date — The date and time when the activity occurred.

User — The name of the user who completed the activity.

Activity — The activity completed (for example, Log in or Log out).

IP Address —The IP address of the endpoint device.

User Actions

The User Actions tab displays users actions, such as when the user creates or edits a security settings profile or task, deletes a computer, or changes the group that a computer belongs to.

Date — The date and time when the action occurred.

User — The name of the user who completed the action.

Action — The user action completed (for example, allow threat).

Item Type — The type of device the action was performed on (for example, computer or non-persistent computer).

Item — The name of the computer that the action occurred on.

System Events

The System Events tab displays all events that occur in WatchGuard Endpoint Security that were not initiated by a user, such as when a computer registers on the server for the first time or after computer deletion or reinstallation.

Date — The date and time when the system event occurred.

Event — The action taken by WatchGuard Endpoint Security.

Type — The object that the action was taken on (for example, a computer or non-persistent computer).

Item — The name of the computer that the system event occurred on.

See Also

General Settings