Menu

View alerts

To view the alerts of audit events, complete the following steps:

1. Navigate to History > Alert.

2. On the “Alert” page, enter a device name, select an alert type, event type, audit event, level of alert, log date, and set the period, and then click Search.

3. Click the alert you want to view.

  • There are four categories of alerts:
    • Failed Policies: Informs you that sent device commands or policies are not applied to devices.
    • Changes in Device Status: Informs you of the device’s status change to Disconnected. In this case, you cannot control the device because the Keepalive settings are expired and the device does not communicate with the Knox Manage server.
    • Security Violation: Informs you of devices on which security violations have been detected during periodical device inspection.
    • Others: Informs you of the occurrence of other types of audit events.

4. On the “Audit Log Detail” area, view the detailed information about the audit event.

  • The necessary actions you must take according to the alert category are as follows:

Alert category

Description

Failed Policies
  • If you cannot click the mobile ID on the alert list, it means the device’s status is Unenrolled, Provisioning, or Disconnected and the policies are not applied. Check the device’s status in Device.
  • If you see a log message about APNs or FCM in the “Log Detail” area, it means the Public Push value is not registered. Register an APNs certificate in Setting > iOS > APNs Setting. To configure the FCM settings, contact a TMS administrator.

Changes in Device Status

Click the mobile ID of the disconnected device and check the Keepalive status. Also, tell the device user to check the device’s network connection status. The violation of Keepalive is detected when the connection of the device and the server is lost longer than the time set in the Keepalive settings.

Security Violation
  • View the name of the package or application reported as the cause of the problem in the “Log Detail” area and uninstall the package or application.
  • When the device’s status is Disconnected, the audit event “Agent Request to report policy violation” occurs. In Service Overview > Log and Event > Audit Log, search for and view the audit log to find out the cause of the disconnection.