View audit logs
Audit logs are retained on the Knox Manage servers for 93 days.
View audit events
To view the log of audit events, complete the following steps:
- Navigate to History > Audit Log.
- Search for the audit logs you want to view.
- You can search for audit logs by selecting the audit event type and the log period.
- Audit Type — Select the audit event type. Console/Server includes the history of device commands sent from the Admin Portal and the changes made by batch tasks on the server. Device includes the history of policies applied to mobile devices, device enrollment, and events that occurred on devices, such as revoking the enrollment of the Knox Manage agent.
- Log Date — Select the start and end date of the log period.
- You can also search for audit logs by using the search field. Search within search results is available.
- View the audit logs.
- The View field displays the request ID. The request ID helps to track how the audit event is applied to a device. The first three letters of the request ID comply with the following rule:
- The first letter — Mobile OS of the device (A for Android, I for iOS, W for Windows)
- The second letter — Application type (A for Android/iOS Knox Manage agent, C for iOS Knox Manage Client)
- The third letter — Start point of the process (S for Server, D for Device)
E.g. AAS — The audit event started from the server and applied to the Knox Manage agent installed on the Android device.
- The User ID field displays the source of the audit event. If the audit event type is Console/Server, refer to the following information:
- When the audit event occurs while sending a device command or operating Knox Manage, the administrator's ID is displayed.
- When a device command is sent, the administrator's ID is displayed.
- When a scheduled task is performed on the server, SYSTEM or the batchuser ID is displayed.
- The Device Name field displays the name of the device on which the audit event occurred. If there is no device or the audit event is a scheduled task, the field is blank.
- If you can click in the row of a log, you can view the following information.
Item: Process Info
Description:
- Request History — Detailed request of the audit event
- Result Code — The audit event result and its code
- Result History — Detailed result of the audit event. When you change a policy in the Admin Portal, a new event is recorded in the profile category. E.g., when an Android policy is changed, all policy events to be saved in the request history of Save General Policy are displayed.
Item: Log Data
Description: This information appears only for the following audit events.
- The Server type — Agent Request to lock screen (Device → Server), Agent Request to unlock device (Device → Server), Agent Request for work report (Device → Server), Handle multiple devices by sending device control
- The Device type — Device Lock/Unlock History
- To view the detailed flow of an audit event, click the request ID in the View field.
- In the Audit Event window, view each audit log.
- The request ID helps track how the audit event is applied to a device. Click to view more details.
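As an added example (not Samsung's code and not part of the original page), the following Python applies the request ID prefix rule and the Console/Server User ID rule to rows copied out of the audit log, and flags rows that are close to the 93-day retention limit. The row layout, the sample IDs and dates, the literal `batchuser` string, the `warn_days` threshold and the idea that an entry ages out exactly 93 days after its date are assumptions.

```python
from datetime import date, timedelta

RETENTION_DAYS = 93  # retention period stated on this page
OS = {"A": "Android", "I": "iOS", "W": "Windows"}
APP = {"A": "Knox Manage agent", "C": "Knox Manage Client"}
ORIGIN = {"S": "Server", "D": "Device"}
# Assumption: scheduled server tasks show exactly one of these User ID strings.
SCHEDULED_IDS = {"SYSTEM", "batchuser"}
TODAY = date(2024, 4, 1)  # constructed "current" date for the sample rows

# Constructed sample rows; only the three-letter prefix follows the page's rule.
SAMPLE = [
    {"request_id": "AAS-0001", "audit_type": "Console/Server",
     "user_id": "admin01", "date": date(2024, 1, 10)},
    {"request_id": "ICD-0002", "audit_type": "Device",
     "user_id": "user7", "date": date(2024, 3, 1)},
    {"request_id": "AAS-0003", "audit_type": "Console/Server",
     "user_id": "SYSTEM", "date": date(2024, 3, 20)},
]


def decode_request_id(request_id):
    """Decode the three-letter prefix; raise ValueError if it breaks the rule."""
    if len(request_id) < 3:
        raise ValueError(f"request ID too short: {request_id!r}")
    os_c, app_c, origin_c = request_id[:3]
    if os_c not in OS or app_c not in APP or origin_c not in ORIGIN:
        raise ValueError(f"unknown prefix in {request_id!r}")
    if app_c == "C" and os_c != "I":  # the page lists the Client for iOS only
        raise ValueError(f"Client prefix on non-iOS device: {request_id!r}")
    return {"os": OS[os_c], "app": APP[app_c], "origin": ORIGIN[origin_c]}


def classify_actor(audit_type, user_id):
    """Apply the User ID rule, which the page gives for Console/Server only."""
    if audit_type != "Console/Server":
        return "not-covered"
    return "scheduled-task" if user_id in SCHEDULED_IDS else "administrator"


def triage(records, today, warn_days=14):
    """Decode each row and flag rows within warn_days of the retention limit."""
    rows = []
    for r in records:
        left = (r["date"] + timedelta(days=RETENTION_DAYS) - today).days
        rows.append({**decode_request_id(r["request_id"]),
                     "actor": classify_actor(r["audit_type"], r["user_id"]),
                     "days_left": left, "expiring_soon": left <= warn_days})
    return rows
```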
View Knox Service Plugin feedback
For Samsung's partners in the Knox Validated Program, the Audit Log page provides you with a history of messages sent by instances of the Knox Service Plugin (KSP) within your device fleet. The plugin, when installed on devices, sends messages related to licensing and policy payloads.
To view Knox Service Plugin feedback in your tenant:
- Go to History > Audit Log.
- Click KSP Feedback to open the feedback log.
- (Optional) To view which devices sent a message and when, click the number in the Devices column next to the message. The message details open in a separate dialog.