System events

This article covers how to access and work with system-related events (as opposed to security events). For general best practices related to events, see Events in Deep Security.

To see the system events captured by Deep Security, go to Events & Reports > Events > System Events. For a list of possible system events, see System events.

You can specify which system events will be recorded the on the System Events page and which will be forwarded to a remote computer. For details, see System events settings.

What information is displayed for system events?

These columns can be displayed on the System Events page. You can click Columns to select which columns are displayed in the table.

  • Time: The time according to the system clock on the computer hosting the Deep Security Manager.
  • Level: The severity level of event that occurred. Event levels include Info, Warning, and Error.
  • Event ID: The event type's unique identifier.
  • Event: The name of the event (associated with the event ID.)
  • Tag(s): Any tags attached with the event.
  • Event Origin: The Deep Security component from which the event originated.
  • Target: The system object associated with the event will be identified here. Clicking the object's identification will display the object's properties sheet.
  • Action Performed By: If the event was initiated by a user, that user's username will be displayed here. Clicking the username will display the User Properties window.
  • Manager: The hostname of the Deep Security Manager computer.

See details about an event

Double-clicking an event (or right-clicking an event and clicking View) displays a window that contains additional information about the event. The Tags tab displays tags that have been attached to this event. For more information on event tagging, see Apply tags to identify and group events.

Find a particular event

You can use the lists at the top of each events page to filter and group the events. Select the values that you want to filter for and then click the large search button on the right side to apply the filter. You can also use the search bar in the upper-right corner to search for a specific event.

To perform an advanced search, click the arrow in the Search bar and select Open Advanced Search.

The Period setting lets you filter the list to display only those events that occurred within a specific time-frame.

The Computers setting lets you organize the display of event log entries by computer, computer groups or policies.

Advanced Search functions (searches are not case sensitive):

  • Contains: The entry in the selected column contains the search string
  • Does Not Contain: The entry in the selected column does not contain the search string
  • Equals: The entry in the selected column exactly matches the search string
  • Does Not Equal: The entry in the selected column does not exactly match the search string
  • In: The entry in the selected column exactly matches one of the comma-separated search string entries
  • Not In: The entry in the selected column does not exactly match any of the comma-separated search string entries

Pressing the "plus" button (+) to the right of the search bar will display an additional search bar so you can apply multiple parameters to your search. When your search parameters are ready, click the large blue arrow on the right side.

Export a list of events

Clicking Export exports all or selected events to a CSV file.

Tag events

Clicking Auto-Tagging displays a list of existing auto-tagging rules that have been applied to the events. You can also right-click an event to manually add or remove tags. (See Apply tags to identify and group events.)