Cloud Workload Protection

Expand all | Collapse all

About Audit Logs

  • 1.  About Audit Logs

    Posted 08-13-2019 12:20 AM

    Hi, all

     

    I have a question about Cloud Workload Protection for Storage. I'm using CWP for Storage with AWS.

    I'd like to know the specification of audit logs.

     

    When I loged on the CWP Console, audit logs are displayed on the console. For example, there are message on the console 'User xxxx logged on.'

    However, the message is not saved in CloudWatch.

     

    How long is the audit log save? Is it 90days?

    And, is there a way to save the audit logs in CloudWatch?

     

    Thanks.



  • 2.  RE: About Audit Logs

    Posted 08-13-2019 05:06 AM

    Hi Junki,

    Have you checked out these TNs around pushing logs to CloudWatch?

    https://support.symantec.com/us/en/article.HOWTO130286.html

    https://support.symantec.com/us/en/article.HOWTO130289.html

    https://support.symantec.com/us/en/article.HOWTO130366.html

    Thanks!



  • 3.  RE: About Audit Logs

    Posted 08-16-2019 04:10 AM

    Hi CraigEV,

    Thank you for your answer.

     

    I read these articles.

    I understood that SCWP has 3 type logs (Scan logs, Violation logs, Statistic logs).

    And these logs include data about policy violations, actions, health status, and statistics, but these logs don't include data about 'logged on' and 'logged off'.

     

    So, I think audit log is not saved in CloudWatch. And the audit log saved only 90 days.

     

    Thanks.