Viewing the audit log

Kaspersky IoT Secure Gateway 1000 saves events related to system security in the audit log.

When an event with critical severity occurs, contact the employee responsible for data security in your organization.

Exporting an audit log on the local computer will result in deletion of the audit log from the system.

To view the audit log:

1. In the menu in the left part of the web interface page, select the Audit section.

   This opens the System security audit section that displays a table containing system security events. The following information is displayed for each audit log entry:

   •  – severity of the event.
   • Title – detailed information about the registered event, such as modified firewall settings.
   • Entity – name of the architectural component of Kaspersky IoT Secure Gateway 1000 that registered the particular event.
   • Date and time – date and time when the event was registered.
2. If you want the table to hide events that have a specific severity level, click the icon of the relevant severity level icon above the table.

   Events with this severity level will be hidden in the System security audit table, and the button containing the severity level icon will no longer be highlighted. If you need the table to display events that were hidden, click the button containing the icon of the relevant severity level (the button will be highlighted in blue again).

3. If you need to hide events that were registered by a specific entity, click the button containing the entity name above the table.

   Events that were registered by this entity will be hidden in the System security audit table, and the button containing the entity name will no longer be highlighted. If you need the table to display events that were filtered out of the display, click the button containing the name of the relevant entity again (the button will be highlighted in blue again).

4. If you need to select a specific period for displaying events, select one of the following values in the Period drop-down list:
   • All periods.
   • Last day.
   • Last week.
   • Last month.
5. If you need to sort events in the table, click the header of the relevant column. For example, to sort events by description, click on the header of the Title column.
6. If you need to enable automatic updates of event log entries on the page, set the Auto-update toggle button to the enabled position.

   If Auto-update is disabled, the page displays only those events that were in the audit log when the Audit section was opened. Auto-update is disabled by default.

   If you need to view information about audit log settings, in the System security audit section, move your mouse cursor over the  icon in the upper part of the window.

   This opens a window containing the following information:

   • Total entries – current number of entries in the audit log.
   • Maximum – maximum number of entries in the audit log.
   • Policy – audit log entry maintenance policy:
     • Cyclical – when the audit log is overfilled, new entries will overwrite old entries.
     • Limited – when the audit log is overfilled, the system stops.

   Audit log settings are configured by Kaspersky experts when building Kaspersky IoT Secure Gateway 1000 and cannot be changed through the Kaspersky IoT Secure Gateway 1000 web interface.