Viewing event logs

All events relating to SDS Enterprise can be accessed via Windows event viewer on user workstations.

During a new installation of SDS Enterprise, event logs are disabled by default. To enable them, modify the registry parameters relating to the various event categories so that specific types of events can be reported.

If you encounter issues while using SDS Enterprise, refer to Troubleshooting issues.

To view the list of event logs available in SDS Enterprise, refer to List of SDS Enterprise logs.

Event logs can be enabled via the local group policy editor (gpedit.msc). The logs can be accessed via Windows Event Viewer.

Microsoft Windows GPO uses .admx files for the configuration parameters and .adml language files, where all the texts related to these parameters are referenced.

The installation of SDS Enterprise places:

  • the Sbsuite.admx file in the %SystemRoot%\PolicyDefinitions folder
  • the Sbsuite.adml language file in the %SystemRoot%\PolicyDefinitions\en-US folder.

These files are automatically uploaded when launching gpedit and it is not necessary to upload them.

  1. Run the local group policy editor: Start > Execute > then enter gpedit.msc.
  2. Click on Administrative Templates > Stormshield Data Security components. The Activating the logs feature for events generated by Stormshield Data Security for all modules entry makes it possible to start generating events once it has been activated. The other entries allow you to configure event generation with greater precision.

Any changes made to the group policy will change the corresponding values in the registry database. These values apply to all users individually. They can be found under the key HKEY_CURRENT_USER in the registry base. However, a group policy (specified remotely by Active Directory) takes priority over changes made locally.

NOTE
The feature Activating the events logs for Stormshield Data Security Administration components is a general parameter: if deactivated, no event will be generated, whatever the parameter for the modules. Moreover, a “non configured” module is active if the general parameter is activated.

For example, if you want to activate the events for the Virtual Disk module only:

  1. Activate the events logs feature for all modules.
  2. Activate the events logs feature for the Virtual Disk module.
  3. Disable event logging for all other SDS Enterprise modules.

The error messages generated by SDS Enterprise may be one of three types:

  • Information messages: a simple informational message that does not involve security or require corrective action,
  • Warnings: an indication to alert the administrator to a potential issue,
  • Errors: a serious issue that prevents the product from functioning.

Logs make it possible to display the following information:

  • Message type: information, warning or error,
  • Date: date on which the message was generated;
  • Time: time at which the message was generated;
  • Source: source from which the event was generated;
  • Category: short description of the event source;
  • Event: number corresponding to the type of generated message;
  • User: SDS Enterprise user name.
  • Computer: computer name (NetBIOS).