65728: Acronis DeviceLock DLP: Configuration - Resolving Lack of Audit Log Data Due to "Audit Log Type" Setting

use Google Translate

Applies to: 

Last update: 20-01-2021

Description

When connected to client via DeviceLock Management Console, the Audit Log Viewer module displays no new records, or is empty. Scanning a computer with 'Audit Log Viewer' plug-in of DeviceLock Enterprise Manager displays 'Log is empty' message or does not contain new records.

Comments

The issue indicates that the 'Audit Log Type' parameter has been configured incorrectly. There are two types of Audit Log in DeviceLock: 1. Event Log, and 2. DeviceLock Log. The first one is used for logging events locally, while the second one is sent to DeviceLock Enterprise Server and its data is not displayed in the Audit Log when connected to a client via DeviceLock Management Console or DeviceLock Enterprise Manager.

Recommendations

To view audit log on each client computer, the 'Event Log' type should be used. Make sure the 'Audit Log Type' parameter in 'Service Options' -> 'Auditing & Shadowing' is set to 'Event Log', or to 'Event Log & DeviceLock Log'.