This article applies to:
- Marshal EndPoint Security
Question:
- I am finding the Audit Log is not accurate when it comes to logging Authorised accesses or Blocked accesses.
- What is logged in the Audit Log?
Reply:
EndPoint Security logs connections/insertions of a device, not accesses. If a device was accessed 3 times but only inserted once then only one alert is generated.
The update for audit logging is done at the point of insertion, so the administrator gets real time notification, regardless of the client update interval.