How to check event log on Sophos SafeGuard

Overview

  • In this article, we will emulate user activity, then we will use SafeGuard Management Center to check and see the actions.

Scenario

  • We will create Microsoft Word Document on Client 1 , Client 2, Client 3.
  • Perform Microsoft Word Document manual encryption and then perform Microsoft Word Document manual decryption on Client 1, Client 2, Client 3.
  • Use SafeGuard Management Center to check the encprytion actions that have just happened on Client 1, Client 2, Client 3.
  • Check to see what file the name is encrypted/decrypted, the path of the file, who made it…..

What to do

Configuring

On Client 1-2-3

  • Right-click on Desktop > New > Microsoft Word Document.
  • Right-click on Microsoft Word Document > SafeGuard File Encryption > Encrypt selected file > choose Encrypt.
  • Now, the file has been encrypted.
  • Right-click on Microsoft Word Document > SafeGuard File Encryption > Decrypt selected file > choose Decrypt.
  • Now, the file has been decrypted.

On SafeGuard Server

  • Open SafeGuard Management Center, login admin with your username and password.
  • Click Report > File Tracking Management.
  • Click the magnifying glass icon in the “File Tracking Management” pane.
  • Drag the Event ID column header Into the gray area where it says ‘Drag a column header here to group by that column’.
  • This group the list by Event ID.
  • As seen, action of encrypt and decrypt file has been recorded, we can know whether the file is encrypted or decrypted, who made it, the path of the file, name the computer, name the user, which time it occurred …

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.