Orchestrator components run in a Docker environment, therefore the event log is saved by Docker in accordance with the settings specified by the system administrator, such as:
Log storage format
Location of the logs (for example, locally or on a syslog server)
Log rotation policy
Maximum size of log files
The administrator can manage the access permissions of logs using the tools of the operating system on which Docker is installed.
The log files contain the following general information:
Name of the standard input/output stream from which the message was received
Time when the event occurred
ID of the component that triggered the event
Severity of the event (informational, warning, critical, error)
Description of the event associated with the execution of the command by the component, and the result of the execution of this command
In addition to general information, the following information can also be stored in log files:
Statuses of software components and the data they work on
Information about user actions in the graphical interface
Information about the configuration of NGFW devices connected to a centralized management system
Information about the operational status of NGFW devices, their hardware and software components