Finding logged data through filtering¶
The Event Log shows a list of all events logged as a result of either user actions or TLS Protect Cloud operational activities.
You can select and combine pre-built filters to quickly filter out logged events that don't match your filter criteria. For example, you could enter a specific user name to see all events that include that user within the event text. Or you could enter the search term login to filter the list down to only those items that include "login".
But you can also filter the list by using one or more pre-built filters.
To filter event logs using pre-built filters¶
- In TLS Protect Cloud, click Settings > Event Log.
- Click +, and then select one or more filters from the list.
- Click each filter's drop-down list to select one or more sub-filters.
- After you've added the filters you need, click Apply Filter.
Example: Filtering for failed login attempts
Here's a quick reference for common tasks using pre-built filters:
|Event Log Filter Category
|Check for login failures, password changes, or if SSO is enabled.
|Find a user or IP address, check if a password reset is required.
|See a list of api keys created with a timestamp.
|Show applications deleted and who performed the action.
|See a list of certificates issued and who the certificates were issued to.
|Show list of certificates retired.
|Certificate Validation Finished
|See a list of when a certificate validation is finished, including validation status.
|Retrieve a list of recent login failures.
|See a list of machines created showing the user who performed the action, the machine's name, ID, and type.
|Machine Identity Provisioning Started
|See a list of machines that have started the provisioning process, showing the user who performed the action, the machine identity ID, the name of the certificate assigned to the machine identity, and the machine's name and ID.
|User Role Changed
|Show user role changes, indicating new role names.
|App Server Types, Applications, Authentication, Certificate Authority, Certificates, Credential Management, Discovery Service Configuration, Discovery, Issuing Templates, Notifications, Platform Security, Provisioning, Teams, Trusted Certificates, User Security, User Settings, Users, VSatellite Workers, VSatellites
|Search for events associated with specific event types. For example, select Provisioning to view events such as Machine Created, Machine Updated, Machine Deleted, Machine Identity Created, Machine Identity Updated, Machine Identity Deleted, Machine Identity Provisioning Started, Machine Identity Installed, and Machine Identity Provisioning Finished.
|7, 14, 30 days
|List any events in the last 7, 14, or 30 days.