- *BASICS*
- The Knox Ecosystem
- Samsung Knox Portal
- Knox Cloud Services
- General Knox Support
- Knox Licenses
- *FOR IT ADMINS*
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- White paper
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Introduction
- Get started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google device owner support
- MDM compatibility matrices
- Device users
- Activity log
- Enroll and unenroll devices
- Configure devices
- Provide KME feedback
- Use the Knox Deployment App (KDA)
- Recover Google FRP locked devices using KME
- Role-based access control (RBAC)
- Release notes
- FAQs
- Troubleshoot
- KBAs
- Knox Configure
- Mobile
- Wearables
- Shared Device
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQs
- Troubleshoot
- Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- FAQs
- KBAs
- Knox E-FOTA
- Introduction
- White paper
- Knox E-FOTA One
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQs
- Troubleshoot
- KBAs
- Migrate from Knox E-FOTA Advanced to Knox E-FOTA One
- Knox E-FOTA Advanced
- Knox E-FOTA on MDM
- Samsung Care+ for Business
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
View audit logs
To view the log of audit events, complete the following steps:
1. Navigate to History > Audit Log.
2. Search for the audit logs you want to view.
- You can search for audit logs by selecting the audit event type and the log period.
- Audit Type: Select the audit event type. Console/Server includes the history of device commands sent from the Admin Portal and the changes made due to batch tasks on the server. Device includes the history of policies applied to mobile devices, device enrollment, and the event occurred on devices, such as revoking the enrollment of the Knox Manage agent.
- Log Date: Select the start and end date of the log period.
- You can also search for audit logs by using the search field. Search within search results is available.
3. View the audit logs.
-
The View field displays the request ID. The request ID helps to track how the audit event is applied to a device. The first three letters of the request ID complies with the following rule:
- The first letter: Mobile OS of the device (A: Android, I: iOS, W: Windows)
- The second letter: Application type (A: Android/iOS Knox Manage agent, C: iOS Knox Manage Client)
- The third letter: Start point of the process (S: Server, D: Device)
E.g. AAS: The audit event started from the server and applied to the Knox Manage agent installed on the Android device.
-
The User ID field displays the source of the audit event. If the audit event type is Console/Server, refer to the following information:
-
When the audit event occurs while sending a device command or operating Knox Manage, the administrator’s ID is displayed.
-
When a device command is sent, the administrator’s ID is displayed.
-
When a scheduled task is performed on the server, “SYSTEM” or the batchuser ID is displayed.
-
- The View field displays the request ID. The request ID helps to track how the audit event is applied to a device. The first three letters of the request ID complies with the following rule:
- The first letter: Mobile OS of the device (A: Android, I: iOS, W: Windows)
- The second letter: Application type (A: Android/iOS Knox Manage agent, C: iOS Knox Manage Client)
- The third letter: Start point of the process (S: Server, D: Device)
E.g. AAS: The audit event started from the server and applied to the Knox Manage agent installed on the Android device.
- The Device Name field displays the name of the device on which the audit event occurred. If there is no device or the audit event is a scheduled task, blank is displayed.
- If you can click
in the row of a log, you can view the following information.
Item |
Description |
---|---|
Process Info |
|
Log Data |
This information appears only for the following audit events.
|
4. To view the detailed flow of an audit event, click the request ID in the View field.
5. In the “Audit Event” window, view each audit log.
- The request ID helps track how the audit event is applied to a device. Click to view more details.