DLP logs
Posted by , Last modified by Štěpán Horký on 11 June 2019 03:31 PM

Logs available in File Auditor

  • create file
  • open file
  • copy/move file between different storages (local drive, external drive, network share…)
  • copy/move file to synced cloud drive
  • delete file
  • web upload
  • web download
  • IM - Send file
  • FTP transfer
  • folder operations
    • empty folders and files within the folder are not logged
    • folder operations are only logged within the same storage; when moving folders between storages, individual file operations are logged
    • logged operations:
      • copy/move folder
      • delete folder
      • rename folder

The following operations are logged for file extensions specified in File Auditor's advanced settings:

  • copy/move file within the same storage (local drive, external drive, network share…)
  • rename file

Logs available in DLP logs

  • open file
  • copy/move file between different storages (local drive, external drive, network share…)
  • copy/move file to synced cloud drive
  • print
  • burning
  • virtual printing
  • e-mail
  • web upload
  • IM - Send file

Only individual file operations appear in DLP logs; folder operations are included only in File Auditor.


When are actions logged in DLP logs?

Actions are logged when:

  • the action is specified as a rule in at least one DLP policy (both the "allowed" and the "restricted" settings are logged)
  • open file is logged when a DLP policy restriction has been applied to the application which is opening the file

Operations with sensitive or classified data might be interesting even when there is no policy protecting them. Therefore, these data categories are logged when:

  • either of the general rules above applies
  • at least one DLP policy rule exists for the data category; in that case all outgoing data channels are logged: upload, e-mail, instant messaging, external devices, cloud drives

Note: Clipboard and screen capture policy rules do not generate any logs because these user actions cannot be accurately detected. See this article for more information.
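
The rules above can be combined into a coverage check that tells an analyst whether a given user action should be expected in DLP logs. This is an added example, not code from the product: the `Policy` model, the action names and the mapping of "external devices" and "cloud drives" onto the copy/move actions are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Actions that can appear in DLP logs at all (the second list in the article).
DLP_ACTIONS = {"open_file", "copy_move_between_storages", "copy_move_to_cloud",
               "print", "burning", "virtual_printing", "email", "web_upload",
               "im_send_file"}
# Assumed mapping of the article's outgoing channels onto those actions.
OUTGOING = {"web_upload", "email", "im_send_file",
            "copy_move_between_storages", "copy_move_to_cloud"}
NEVER_LOGGED = {"clipboard", "screen_capture"}  # cannot be detected accurately

@dataclass
class Policy:  # hypothetical model, not the product's schema
    rules: dict                      # action -> "allowed" | "restricted"
    data_category: str = ""          # category the policy's rules cover, if any
    restricted_apps: set = field(default_factory=set)

def dlp_logged(action, policies, app="", data_category="", is_folder=False):
    """Return (logged, reason) for one user action."""
    if is_folder:
        return False, "folder operations appear only in File Auditor"
    if action in NEVER_LOGGED:
        return False, "clipboard/screen capture rules generate no logs"
    if action not in DLP_ACTIONS:
        return False, "operation is not part of DLP logs"
    if any(action in p.rules for p in policies):
        return True, "action is a rule in at least one policy"
    if action == "open_file" and any(app in p.restricted_apps for p in policies):
        return True, "policy restriction applies to the opening application"
    if data_category and action in OUTGOING and any(
            p.rules and p.data_category == data_category for p in policies):
        return True, "data category has a rule, outgoing channels are logged"
    return False, "no policy rule covers this action"

if __name__ == "__main__":
    # Constructed sample: one policy restricting web upload of "PII" data.
    policies = [Policy({"web_upload": "restricted"}, "PII", {"editor.exe"})]
    for args in [("email", "", "PII"), ("print", "", "PII"),
                 ("open_file", "editor.exe", ""), ("clipboard", "", "PII")]:
        print(args, dlp_logged(args[0], policies, *args[1:]))
```

With the constructed policy, e-mailing a "PII" file is logged even though only web upload has a rule, while printing the same file is not, because print is not among the outgoing channels listed for data categories.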