Siem Log Configuration

to set log configurations, navigate to siem > siem configuration select the log type and the maximum record limit and save descriptions of log types are given below you can find the sample sent log packages for each type in below parts log type description authlog this log file contains authentication logs of the single connect users when a user login or logout system, authentication log is sent to siem server commandlog all this log file contains the all command, file transfer, key log, and ocr data during sessions commandlog filetransfer this log file contains info about the transferred file during an rdp session commandlog keylog this log file contains the key log during rdp sessions key log contains mouse clicks and keyboard inputs during an rdp session commandlog ocr this log file contains the ocr data during an rdp session eventlog this log file contains the user event in webgui session when the user add/edit/delete an item(user, device, realm, parameter etc ), the log of the done operation is sent to siem server sessionlog this log file contains the session info like the target ip address, start/end time etc tacacslog this log file contains the info about connection to tacacs devices