Auditing & Shadowing View


 

These parameters allow you to tune up auditing and shadowing for DeviceLock Service.

 

- Local storage directory - allows you to define where on the local disk cached data (for shadowing and content analysis) is stored.  

 

- Enable local storage quota - enable this parameter to allow automatic cleanup of the locally stored cached data (for shadowing and content analysis). When this parameter is enabled you can also configure Cleanup files older than (days) and Local storage quota (%) parameters (see below). 

 

- Cleanup files older than (days) - allows you to define the number of days that should pass before cached data (for shadowing and content analysis) can be automatically deleted from the local storage.

 

- Local storage quota (%) - allows you to define a disk quota for cached data (for shadowing and content analysis).

 

- Shadow zero-length files - enable this parameter to allow shadowing of files whose size is zero. Even if the file contains no data at all, it is still possible to transfer some information in its name and path (up to several kilobytes) that's why you may need to enable shadowing for zero-length files.

 

- Audit folder operations  - enable this parameter to turn on audit logging of events associated with operations on folders, such as creating (writing), renaming, reading (opening), and deleting folders. When this parameter is disabled, all events associated with folder operations will be excluded from auditing.

 

- Prevent data transfer on errors - by enabling this parameter, you can prevent users from writing data when shadowing or content analysis is not possible. You can be sure that users can transfer information only when shadowing and Ă‘ontent-Aware Rules are working normally (e.g. there is enough local disk space to store cached data). When the Prevent data transfer on errors parameter is enabled, the total size of the directory specified in the Local storage directory parameter reaches the quota specified in Local storage quota (%) and there is no data that can be deleted, DeviceLock Service stops shadowing and content analysis and blocks any user attempt to copy the data.

 

- Audit Log Type - allows you to define what log should be used to store audit records.

 

- Audit Log Settings - allows you to specify the maximum size of the audit log and overwrite options. 

 

- Audit log threshold for file operations (seconds) - allows you to specify the time threshold, in seconds, used for consolidation of repetitive events associated with file operations. The default is 1200 seconds. After this amount of time passes without new repetitive events being recorded, multiple repetitive events are combined into a single summary event.

 

- Transfer shadow data to server - allows you to to set options for transfer of shadow data to DeviceLock Enterprise Server.

 

In DeviceLock Group Policy Manager, if you want to reset these parameters to the unconfigured state, select Undefine from the context menu.