LOGS - AUDIT LOGS
This menu is not available on firewalls that are not equipped with storage media.
The Logs - Audit logs module allows you to read logs generated by appliances and stored locally. These logs are grouped by views, i.e., by alarm, connection, web log, etc. Advanced filters make it possible to analyze logs even deeper.
For the purpose of compliance with the European GDPR (General Data Protection Regulation), personal data (user name, source IP address, source name, source MAC address) is no longer displayed in logs and reports and have been replaced with the term "Anonymized".
To view such data, the administrator must then enable the "Logs: full access" privilege by clicking on "Logs: limited access" (upper banner of the web administration interface), then by entering an authorization code obtained from the administrator's supervisor (see the section Administrators > Ticket management). This code is valid for a limited period defined at the moment of its creation.
To release this privilege, the administrator must click on "Logs: full access" in the upper banner of the web administration interface, then click on "Release" in the dialog box that appears.
After a privilege is obtained or released, data must be refreshed.
Please note that every time a "Logs: full access" privilege is obtained or released, it will generate an entry in logs.
For more collaborative security, in just one click within a view, the level of protection on a host can now be increased. An interactive feature will allow you to add hosts to a pre-set group and assign a strengthened protection profile or specific filter rules to them (quarantine zones, restricted access, etc.).
For further information, please refer to the Technical Note Collaborative security.
Storage device: SD Card
The External log storage on SD card feature is available on SN160(W), SN210(W) and SN310 models. This feature is offered with a subscription to the “External storage” option.
The type of SD card must be at least Class 10 (C10) UHS Class 1 (U1) or App Performance 1 (A1), in SDHC or SDXC standard.
The memory card must be in a full-size physical SD format. Only adapters provided with the card must be used.
Stormshield recommends the use of high-endurance/industrial cards or preferably, those that have a built-in MLC flash chip developed by major brands (e.g., SanDisk, Western Digital, Innodisk, Transcend, etc.) and with at least 32 GB of memory. The maximum memory supported is 2 TB.
Storing logs on an external medium can only be done on an SD card. This service is not compatible with other storage media such as a USB key or an external hard disk.
For more information, refer to the Guide PRESENTATION AND INSTALLATION OF STORMSHIELD NETWORK PRODUCTS SN Range, available on Stormshield's Technical Documentation website.