EndUser Logs

An EndUser log is a record of the interactions and activities that end users perform within an application or service. These logs capture valuable information about user behavior, system usage, and application performance. Implementing them within your network provides insight into how users interact with their applications, tracks application performance from the user's perspective, and has the potential to help detect suspicious activities with proper investigation.

Event Details

Description

Date and Time

ISO 8601 format: YYYY-MM-DDTHH:MM:SS.S. Example: 2020-11-22T10:58:46.820.

CSP Account

Name of your cloud service account.

Region

Region of the Multicloud Defense Gateway.

Gateway

The Multicloud Defense Gateway involved in the event.

Session ID

The unique identifier assigned to a user's session when they interact with an application or system.

Text

A preview of the text included in the event message. Click an individual message to expand.

Level

The severity or importance of a logged event. This can help categorize and prioritize entries for easier analysis.

Src IP

Identifier for a VPN session or connection instance.

Dst IP

The destination IP address of a network connection or communication.

Dst Port

The numerical destination port of a network connection or communication.

Payload App Name

The application or component of a system where the user action took place.

Action

The specific operation or event performed by the user within the system.

Policy Name

The name of the policy matching against the user.

Instance Name

The unique identifier or label assigned to that particular instance within an environment.

First Name

The identified first name of the user performing this action.

Last Name

The identified last name of the user performing this action.

Group

The identified group the user performing this action is associated with.

Department

The identified department of the user performing this action.

Method

The action that a client uses to communicate with a server: GET, POST, PUT, DELETE, HEAD, and so on.

URI

The identifying string of the resource being requested from the server.

FQDN

The FQDN from which the logged event originates.

Category Name

The name of the category the logged event is associated with.