These logs are created on the CMS only. They record the outcome each time a user policy trigger fires. The log includes both event-level and trigger-level entries.
A key feature of these log entries is that they include an event URL to display the incident in the iConsole. Administrators can use this URL to view the incident (for example, a captured e-mail) in the iConsole, plus any attachments and a summary of the policy that was applied.
Only one of these messages is logged for each event, regardless of how many triggers the event causes to fire. They are structured as follows:
<Associated user> <Message ID> <User action> <Policy outcome> <Event severity> <Machine name> <Event ID> <Event URL>
Where:
<Associated user>
Is the primary participant of an event, for example, the sender of an outgoing e-mail.
<Message ID>
Is a code that identifies the message type (event-level or trigger-level) and severity.
<User action>
Briefly describes what the user did (for example, 'The user sent an e-mail') or the event type (such as 'Scanned file').
<Policy outcome>
Summarizes the outcome of policy processing. For example, CA DataMinder blocked the e-mail or warned the sender.
<Event severity>
Indicates which severity band the event is assigned to (Low, Medium or High).
<Machine name>
Indicates the source machine. For example, this could be the machine from which an e-mail was sent.
<Event ID>
Uniquely identifies a captured or imported event in the CMS database.
<Event URL>
Provides a URL to display the event in the iConsole. Users can browse to this URL to view the event in the iConsole.
For each trigger that fires, a log message records these details:
<Associated user> <Message ID> <Trigger name> <Event severity> <Event ID> <Event URL>
Where:
<Trigger name>
Identifies which policy trigger activated.
Other message details are the same as for error-level messages—see above.
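The following added example (not CA code) parses both layouts and groups trigger-level entries under their event-level entry by Event ID, flagging entries that do not fit the documented structure. It assumes tab-separated fields, since this page does not state the delimiter; the message IDs, URLs and other sample values are constructed placeholders.

```python
from collections import defaultdict

# Field order copied from the two layouts documented above.
EVENT_FIELDS = ("associated_user", "message_id", "user_action", "policy_outcome",
                "event_severity", "machine_name", "event_id", "event_url")
TRIGGER_FIELDS = ("associated_user", "message_id", "trigger_name",
                  "event_severity", "event_id", "event_url")

def parse_entry(line, sep="\t"):
    """Classify one entry by field count. ASSUMPTION: tab-separated fields."""
    parts = [p.strip() for p in line.rstrip("\r\n").split(sep)]
    if len(parts) == len(EVENT_FIELDS):
        return "event", dict(zip(EVENT_FIELDS, parts))
    if len(parts) == len(TRIGGER_FIELDS):
        return "trigger", dict(zip(TRIGGER_FIELDS, parts))
    raise ValueError(f"expected 8 or 6 fields, got {len(parts)}")

def correlate(lines):
    """Attach trigger names to their event; report entries that break the layout."""
    events, triggers, problems = {}, defaultdict(list), []
    for n, line in enumerate(lines, 1):
        try:
            kind, rec = parse_entry(line)
        except ValueError as exc:
            problems.append(f"line {n}: {exc}")
            continue
        if kind == "trigger":
            triggers[rec["event_id"]].append(rec["trigger_name"])
        elif rec["event_id"] in events:
            # The page states that only one event-level message is logged per event.
            problems.append(f"line {n}: duplicate event-level entry for {rec['event_id']}")
        else:
            events[rec["event_id"]] = rec
    for eid in triggers:
        if eid not in events:
            problems.append(f"event {eid}: trigger entries without an event-level entry")
    incidents = {eid: {**rec, "triggers": triggers.get(eid, [])}
                 for eid, rec in events.items()}
    return incidents, problems

# Constructed sample entries; every value is a placeholder, not real product output.
URL = "https://cms.example.invalid/event/"
SAMPLE = [
    f"alice\tMSGID-EVENT\tThe user sent an e-mail\tBlocked\tHigh\tWS-01\t1001\t{URL}1001",
    f"alice\tMSGID-TRIGGER\tTrigger A\tHigh\t1001\t{URL}1001",
    f"alice\tMSGID-TRIGGER\tTrigger B\tHigh\t1001\t{URL}1001",
    f"bob\tMSGID-TRIGGER\tTrigger A\tMedium\t1002\t{URL}1002",
    "malformed line",
]
```

Calling `correlate(SAMPLE)` returns one incident for event 1001 with both trigger names attached, plus two problem reports: the malformed line and the trigger entry for event 1002 that has no event-level entry.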
Copyright © 2014 CA.
All rights reserved.