Audit Log Management

This function enables you to collect/manage the logs stored in the machine with the Remote UI. The administrator can check the collected logs to survey how the machine is being used.

Types of Logs

This function can manage the following logs:
User Authentication Log
This log contains information related to the authentication status of user authentication, and the registering/changing/deleting of user information.
Login/Logout Log
User Authentication Success/Failure Log
Log for the registering/changing of user information managed by SSO-H
Log for Role Management (adding/setting/deleting) by Access Management System
Job Log
This log contains information related to the completion of copy/fax/scan/send/print jobs.
Mail Box Document Operation Log
This log contains information related to the operations performed on data in the Mail Box, the Memory RX Inbox, and the Confidential Fax Inbox.
Mail Box Authentication Log
This log contains information related to the authentication status of the Mail Box, the Memory RX Inbox, and the Confidential Fax Inbox.
Network Connection Log
This log contains information regarded to IPSec communication failures.
Machine Management Log
This log contains information related to the starting/shutting down of the machine and the following management operations:
When is pressed to change the machine settings
When the Device Information Delivery Settings mode is used to change the machine settings
When the time of the machine is set/changed
Log for Audit Log Management
This log contains information related to the exporting/deleting of logs with this function.

Managing Logs

You can use the Remote UI to manage the logs collected from the machine.
IMPORTANT
Please note that Canon will not be held responsible for any damages caused by the use of Audit Log Management or the inability to use Audit Log Management.
The maximum number of logs that can be managed with this function is 20,000, regardless of the type of log. When this maximum number is reached, the oldest logs are erased and overwritten with the new logs.
If Sleep Mode Energy Use is set to [High], logs are not collected when the machine enters the Sleep mode.
The logs described in this section may be collected multiple times by the machine's system processes during user operations.
In order to manage logs, it is necessary to log in to the Remote UI as an administrator.
NOTE
The collected logs and exported logs include items for the Date and Time, User Name, Operation Type, and Result (OK/NG). Job logs also include items related to the job type.
To generate a Network Connection Log, Mail Box Authentication Log, Mail Box/Inbox Document Operation Log, System Management Log, select [Audit Log Retrieval] for [Audit Log Retrieval] in [Device Management] in [Management Settings] (Settings/Registration) → click [OK].

Starting/Stopping Log Collection

You can start or stop log collection. The collected logs are saved as a single audit log file.
1.
Click [Settings/Registration] → [Device Management] → [Export/Clear Audit Log] → [Audit Log Information] → [Start] for <Audit Log Collection>.
NOTE
The saved logs may not be displayed in the order that they are collected.
Log collection is stopped by default.
If you start or stop log collection, this setting is retained until it is changed. The setting does not change when the machine is restarted.
If you stop log collection while logs are being collected, the logs for the period that log collection was stopped are not collected when log collection is next started.

Checking the Number of Saved Logs and the Date/Time They Were Collected/Saved

You can check the number of logs collected from the machine that are saved, and the date/time that they were collected/saved.
1.
Click [Settings/Registration] → [Device Management] → [Export/Clear Audit Log] → [Audit Log Information].
Current Number of Saved Logs:
Displays the number of logs that are currently saved.
Logs Last Collected On:
Displays the date/time that a log was last collected from the machine.
Logs Last Saved On:
Displays the date/time that a log collected from the machine was last saved.

Exporting Collected Logs

You can save the various logs collected from the machine all together to a computer in the CSV format.
The log type numbers indicated in the logs to be exported correspond to the following log types:
4098
User Authentication Log
1001/8193
Job Log
8197
Mail Box Document Operation Log
8199
Mail Box Authentication Log
8200
Network Connection Log
8198
Machine Management Log
3001
Log for Audit Log Management
1.
Click [Settings/Registration] → [Device Management] → [Export/Clear Audit Log].
2.
Click [Export] for <Export Audit Logs>.
To automatically delete the logs after they are exported, select [Delete logs from device after export].
IMPORTANT
If you select [Delete logs from device after export], make sure to select [Store] after clicking [Export]. If you select [Cancel], the logs will be deleted without being saved.
3.
Follow the instructions on the screen to specify the location where you want to save the file.
NOTE
To export the various logs collected from the machine, use SSL or IPSec. To use SSL, set [Use SSL] to 'On' in [Remote UI] in [Management Settings] (Settings/Registration). If you want to use IPSec, see "IPSec Settings."
Log collection is stopped while the export process is being performed.
If the display language setting of the machine is different from when the logs were collected, the file may contain garbled characters when the logs are exported.

Deleting Collected Logs

You can delete all the logs collected from the machine.
1.
Click [Settings/Registration] → [Device Management] → [Export/Clear Audit Log].
2.
Click [Delete] for <Delete Audit Logs>.
3.
Click [OK].

When an Error is Displayed

If you export or delete the logs when an error has occurred in the hard disk managed by this function, the message <Management area of audit logs may have been corrupted because an error occurred. The system will be initialized.> is displayed on the Remote UI.
Click [Initialize] to initialize the function.
IMPORTANT
If initialization is performed, log collection is stopped and all the logs that have been collected are deleted. To continue collecting logs, start log collection again.
0E82-1RS