Management of Logs

When you start collecting the logs, information such as the operation dates and times, user names, operation details, and operation results are recorded.
In addition to being able to track the machine operations if any information leakage or trouble occurs, you can also quickly detect unauthorized use of the machine by reviewing and analyzing the collected logs.
For the log types, see the log specifications. Log Type
NOTE
You can enable [Do Not Store Personal Information in Job Log] to prevent the machine from writing personal information to the audit log. [Display Job Log]

Starting to Collect Logs

You can configure the machine to start collecting logs and record the logs.
 
Configure this setting using Remote UI from a computer. You cannot use the control panel to configure the setting.
Administrator privileges are required.
Required Preparations
Enable audit log generation. [Save Audit Log]
Enable the Advanced Box operation log generation. [Save Operation Log]
Check that the log generation for authentication operations performed over the network is enabled. [Retrieve Network Authentication Log]
1
Log in to Remote UI as an administrator. Starting Remote UI
2
On the Portal page of Remote UI, click [Settings/Registration]. Remote UI Portal Page
3
Click [Device Management] [Export/Clear Audit Log].
The [Audit Log Information] screen is displayed.
4
In [Audit Log Collection], click [Start].
Log collection is started.
5
Log out from Remote UI.
NOTE
When an Error Occurs
If any error occurs to the storage on the machine while the audit logs are collected, an error screen appears after initialization is performed automatically. Perform the following operations following the instructions on the screen.
If [Download Audit Log] is displayed, click it to retrieve the logs before the error occurrence, and then click [OK].
If [Download Audit Log] is not displayed, just click [OK].
When the initialization is complete, log collection resumes and the automatic initialization process is logged.
Recording of Logs During Sleep Mode
When the power consumption during Sleep Mode is set to [Low], logs are not recorded. [Sleep Mode Energy Use]
When the Log Collection Is Stopped
If the power of the machine is turned OFF due to power outage or other reason while collecting logs, log collection resumes from the last log before the power is turned OFF.

Exporting the Logs Automatically

You can configure the settings to export the logs as a CSV file automatically at a specified time every day and save them on a specified SMB server. Export is executed when the number of logs exceeds 95% of the limit (about 38,000) even before the specified time.
 
Configure this setting using Remote UI from a computer. You cannot use the control panel to configure the setting.
Administrator privileges are required.
Required Preparations
Prepare the information for accessing the SMB server, such as the host name, IP address, and authentication information for the SMB server on which to store the log file.
* Use an SMB server that satisfies the following conditions:
Windows 8 or later, or Windows Server 2012 or later
Support for SMB v3.0 encrypted communication
1
Log in to Remote UI as an administrator. Starting Remote UI
2
On the Portal page of Remote UI, click [Settings/Registration]. Remote UI Portal Page
3
Click [Device Management] [Export/Clear Audit Log]  [Settings for Auto Export Audit Logs].
The [Settings for Auto Export Audit Logs] screen is displayed.
4
Select the [Use Auto Export] checkbox.
5
Configure the store location settings for the log file.
1
Enter the user name and password.
In [User Name] and [Password], enter the user name and password for logging in to the SMB server on which to store the log file.
2
Enter the store location for the log file.
In [SMB Server Name], enter the host name or IP address of the SMB server on which to store the log file.
In [Destination Folder Path], enter the path to the folder in which to store the log file.
Specify the path that requires authentication by including it in [SMB Server Name].
Input example:
\\192.168.1.21\share
6
In [Perform At], set the time at which to perform the export operation.
Depending on the usage environment, the export operation may be performed later than the specified time.
7
Click [Check Connection] to verify that you can connect to the configured store location.
8
Click [Update].
The settings are applied.
9
Log out from Remote UI.
NOTE
When the Automatic Export Has Completed
The exported logs are deleted from the machine automatically.
When the automatic export and automatic deletion of the logs are completed successfully, a log of each operation is recorded. If no logs other than these are recorded until the next export execution time, automatic export will not be executed.
When the Automatic Export Has Failed
The process is retried several times. If the process fails even once, an error message appears on the control panel of the machine.
When the Machine Is Not Powered or It Is in Sleep Mode at the Export Execution Time
If the machine is not powered, automatic export is not executed. Even if you turn ON the power again, automatic export will not be executed.
If the machine is in Sleep Mode, automatic export will be executed when the machine recovers from the Sleep Mode.

Exporting the Logs Manually

Export the logs as a CSV file and save them on a computer.
 
Perform manual export using Remote UI from a computer. You cannot use the control panel to export the logs.
Administrator privileges are required.
Required Preparations
Encrypt the communication using TLS or IPSec.
1
Log in to Remote UI as an administrator. Starting Remote UI
2
On the Portal page of Remote UI, click [Settings/Registration]. Remote UI Portal Page
3
Click [Device Management] [Export/Clear Audit Log]  [Export Audit Logs].
The [Export Audit Logs] screen is displayed.
4
Click [Export] to save the exported file on a computer.
If you want to delete the exported logs from the machine automatically, select the [Delete logs from device after export] checkbox, and then click [Export].
In this case, if you cancel the export process by clicking [Cancel] while the export is being processed, the logs are deleted from the machine even if the file is not saved.
Log collection is stopped while the export is being processed.
5
Log out from Remote UI.

Deleting the Logs

You can delete all the collected logs from the machine.
* You cannot delete the logs when the automatic export is set.
 
Delete the logs using Remote UI from a computer. You cannot use the control panel to delete the logs.
Administrator privileges are required.
1
Log in to Remote UI as an administrator. Starting Remote UI
2
On the Portal page of Remote UI, click [Settings/Registration]. Remote UI Portal Page
3
Click [Device Management] [Export/Clear Audit Log]  [Delete Audit Logs].
The [Delete Audit Logs] screen is displayed.
4
Click [Delete] [Yes].
The logs are deleted.
5
Log out from Remote UI.

Sending the Logs to the SIEM System

You can configure the settings to send Syslog to SIEM, which is a security information and event management system.
By linking the machine with the SIEM system, you can collect various logs in real time and centrally manage and analyze the collected logs.
 
Configure this setting using Remote UI from a computer. You cannot use the control panel to configure the setting.
Administrator privileges are required.
Required Preparations
Prepare the information for accessing the Syslog server, such as the host name, IP address, and port number of the Syslog server.
When you want to encrypt communication with the Syslog server, specify the key and certificate to use for TLS encrypted communication. Using TLS
1
Log in to Remote UI as an administrator. Starting Remote UI
2
On the Portal page of Remote UI, click [Settings/Registration]. Remote UI Portal Page
3
Click [Device Management] [Export/Clear Audit Log]  [Syslog Settings].
The [Syslog Settings] screen is displayed.
4
Select the [Use Syslog Send] checkbox.
5
Configure the settings to send Syslog.
[Syslog Server Address]
Enter the host name or IP address of the Syslog server to connect.
[Syslog Server Port Number]
Enter the port number the Syslog server uses for the Syslog communication. If this is left blank, the following port numbers specified by RFC will be set.
UDP: 514
TCP: 1468
TCP (TLS): 6514
[Facility]
Select the log message types to send from the message types specified by RFC.
[Connection Type]
Select [UDP] or [TCP].
[Use TLS]
Select this checkbox when you have selected [TCP] for [Connection Type] and use TLS to encrypt the communication with the Syslog server.
[Confirm TLS Certificate]
Select this checkbox to verify the server certificate when performing TLS encrypted communication with the Syslog server.
To add a Common Name (CN) to the verification items, also select the [Add CN to Verification Items] checkbox.
6
Click [Update].
The settings are applied.
7
Log out from Remote UI.
NOTE
Some logs are sent by Syslog communication after polling every 30 seconds, so there may be a time lag from the occurrence of an error.
The applicable RFC is 5424 (Syslog format), 5425 (TLS), and 5426 (UDP).
A0YC-1UF