Viewing event logs
All events relating to SDS Enterprise can be accessed via Windows event viewer on user workstations.
During a fresh SDS Enterprise installation, event logs are enabled by default.
To view the list of event logs available in SDS Enterprise, refer to List of SDS Enterprise logs.
If you encounter issues while using SDS Enterprise, refer to Troubleshooting issues.
You can disable event logs by following the procedure below.
Understanding the message types
The error messages generated by SDS Enterprise may be one of three types:
- Information messages: a simple informational message that does not involve security or require corrective action,
- Warnings: an indication to alert the administrator to a potential issue,
- Errors: a serious issue that prevents the product from functioning.
Understanding details of logged information
Logs make it possible to display the following information:
- Message type: information, warning or error,
- Date: date on which the message was generated;
- Time: time at which the message was generated;
- Source: source from which the event was generated;
- Category: short description of the event source;
- Event: number corresponding to the type of generated message;
- User: SDS Enterprise user name.
- Computer: computer name (NetBIOS).
Disabling event logs
Event logs can be enabled via the local group policy editor (gpedit.msc).
The Microsoft Windows GPO uses .admx files for configuration parameters, and .adml language files, where all texts relating to these parameters are referenced.
The installation of SDS Enterprise places:
- the Sbsuite.admx file in the %SystemRoot%\PolicyDefinitions folder
- the Sbsuite.adml language file in the %SystemRoot%\PolicyDefinitions\en-US folder.
These files are loaded automatically when gpeditis started.
- Run the local group policy editor: Start > Execute > then enter gpedit.msc.
- Click on Administrative Templates > Stormshield Data Security components.
- Double-click on Enable logging of events generated by Stormshield Data Security for all modules.
- Select the Disabled option. This is a global switch. No events will then be generated, regardless of the setting made for each feature under Stormshield Data Security Components .
You can also choose to only disable events for certain features.
For example, to disable events for the Virtual Disk feature only:
- Keep logging of events generated by SDS Enterprise enabled for all features.
- Turn off event logging for the Virtual Disk feature under Stormshield Data Security Components.
A feature with the option “Not configured” selected is enabled if the global switch is enabled.
Any changes made to the group policy will change the corresponding values in the registry. These values apply to all users individually. They can be found under the key HKEY_CURRENT_USER in the registry base. However, a group policy (specified remotely by Active Directory) takes priority over changes made locally.
