Manage Audit Logs

Manage can track administrative user activity. You can download and view audit logs that contain a history of administrative user actions. By default, user audit logs are retained for a maximum of 30 days. You can set this value from 7 to 30 days with the Audit Logs Retention Policy option.

To configure audit logs, select Configuration > System Settings > Audit Logs option.

For information on how to send audit logs to a syslog server, see Syslog Integration.

Set Duration for Audit Log Download

To specify which portion of the logs to download, choose a From and To date, or choose the Last option and select the number of hours, days, or months.

To select the type of log entries that you want to download, select an option from the Type drop-down list. The default option is All that includes all log types in the download.

You can sort the log by date and time, module, host address, user role, login name, type, and status of the login attempt. Use the Ordered by drop-down list to select the sort field.

To configure settings for user action logs to download:

  1. Select Configuration > System Settings > Audit Logs.
  2. Select the type of action log to download.
  3. Select the From and To date for the logs to download.

Alternatively, you can select Last and specify the number of elapsed days, months, or years for which you want to download the user action logs.

  1. Click Save to save the changes.

Download Audit Logs

To download the audit logs:

  1. Select Configuration > System Settings > Audit Logs.
  2. Click Download.

The user action log is downloaded as a .csv file. The contents of the log depends on the type of action log that you download.

Audit Logs Retention Policy

By default, user action logs are retained for 30 days. You can customize the policy and set a value from 7 to 30 days.

For more information on Wi-Fi Cloud data retention and European GDPR requirements, see GDPR Data Search and Delete in Wi-Fi Cloud in the WatchGuard Knowledge Base.