> For the complete documentation index, see [llms.txt](https://eaclouddoc.eauditor.eu/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://eaclouddoc.eauditor.eu/eacloud-docs-en/features/data-loss-prevention/dlp-logs-logs.md).

# DLP Logs (Logs)

View **Logs** in the system allows viewing events related to automation and data protection (DLP). This central location enables administrators to monitor operations, analyze activity, and retrieve detailed information about logs related to policies, rules, and events in the IT infrastructure.

## **Logs**

### **Widgets at the top of the screen**

* **Users by risk:**
  * Displays a list of users with the highest risk scores in the selected period (default: 7 days). Each risk bar shows which rules contribute to the risk score.
* **Recent Media**:
  * Overview of recently recorded media, such as screen recordings or screenshots. Clicking the preview enlarges the view.

### **Log table**

The table contains detailed information about events. Clicking a row expands the details of the selected log.

{% hint style="info" %}
The bar color indicates the current load or risk level:

<mark style="color:$success;">**Green (0–33%)**</mark> – within normal range, healthy state.

<mark style="color:yellow;">**Yellow (34–66%)**</mark> – warning level, monitoring or preventive action recommended.

<mark style="color:red;">**Red (67–100%)**</mark> – critical state, requires immediate response.
{% endhint %}

### **Columns in the table**

Each column contains information configured during rule creation within the automation or data protection policy:

* **Policy** – The name of the policy from which the log originates.
* **Rule** – The name of the rule that generated the event.
* **Risk** – The risk value for the given log (e.g., 92/100).
* **Log date** – The date and time the log was generated.
* **Logged in** – The username to which the log applies.
* **Computer** – The name of the device from which the log originates.
* **Operation** – The action triggered by the rule, e.g., “Copy” (copying a file).
* **Process** – The name of the process associated with the event, e.g., “chrome.exe”.
* **File** – The name of the file that was part of the event.
* **Source** – The source location of the file.
* **Target** – The location to which the file was moved or copied.
* **Source device -** The device from which the file originated, e.g., local disk, USB.
* **Target device -** The device to which the file was copied or moved.
* **Source type -** The type of source medium, e.g., local disk, network share, USB.
* **Target type -** The type of target medium, e.g., USB, network share.
* **Process path -** The full path to the process executable file.
* **Target file -** The file name after the operation, if different from the source file.
* **Online -** Information on whether the device is online.
* **LogID -** the unique log identifier in the system.
* **Screenshot available -** Information on whether a graphical recording is available for the given event.
* **Recording available -** Information on whether a video recording documenting activity during the incident is available.
* **Host ID -** The unique identifier of the source computer in the system.
* **Target device ID -** The identifier of the target device.
* **Device ID -** The identifier of the source device.

### **Expandable row details**

Clicking a log row opens a detailed view that contains the elements described below.

<figure><img src="/files/02f6f32fb1679a9186272aec6eeffe020a820fae" alt="" width="375"><figcaption></figcaption></figure>

### **Media**:

* **Screen recording**: Preview of the recording captured at the moment of the event. Clicking opens the recording in full screen.
* **Screenshot**: Screenshot captured at the moment of the event. Clicking enlarges the image.

<figure><img src="/files/b5a6f5ba2e269cd48d7d512e929def27c7edf57a" alt="" width="375"><figcaption></figcaption></figure>

### **Notifications**:

* Information about sent notifications, e.g., email or an alert for the end user.

#### **Action**:

* List of actions performed as part of the rule, e.g., “Screen recording, Screenshot, Task, Turn off PC”.

#### **Description**:

* Information about which rule was violated or executed.

#### **Task result**:

* Link **Read the full Log** that provides access to the full log with additional operation details.

{% hint style="info" %}
If the given elements have not been configured or are not available, the field will remain empty or the message will be displayed **Insufficient data**.
{% endhint %}

### **Additional features**

#### **Downloading logs**:

Selecting rows in the table and clicking the “Download” icon (down arrow above the table) allows media from the selected logs to be downloaded as a file.

#### **Filtering and searching**:

The user can filter logs by any column or use the search field to find a specific event.

The log view is an important analytical tool that enables administrators to track user activity, monitor violations, and analyze the effectiveness of policies in the organization.

## **Relationships**

The tab **Relationships** shows which security policies and rules are enabled and to which users and computers they are assigned.

To open this view, go to: **Data Protection -> Logs -> Relationships**.

The tab provides two views:

* **Computers**
* **Users**

In the **Computers** view, a list of all computers to which at least one security policy has been assigned is displayed. Next to the computer name, a **red exclamation mark in a circle** - it means that the policies on this device have not yet been updated and are running an older version.&#x20;

{% hint style="info" %}
Even in this case, they remain active, also when the computer is offline.
{% endhint %}

On the right side of each computer, all security rules active on the given device are visible. If the list of rules does not fit in the window, information is displayed at the end in the format **+ \[number] others**, *for example **+1 others**.*

View **Users** works similarly to the computer view, but it refers to users. For each user, the assigned security rules are displayed.

<figure><img src="/files/9a00679836765c35e6aaf5319a0920e41c5e23bc" alt="" width="375"><figcaption></figcaption></figure>

The system allows data to be filtered:

* by user,
* by policy.

The relationships view can be displayed as **tiles** or **a dropdown list**. Switching between these modes is located in the **upper-right corner of the table**.

<figure><img src="/files/32cab8545bfa4ea0182db7164aab2d00b821e81a" alt="" width="375"><figcaption></figcaption></figure>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://eaclouddoc.eauditor.eu/eacloud-docs-en/features/data-loss-prevention/dlp-logs-logs.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.