Configuration - Resolving Lack of Audit Log Data Due to DeviceLock Audit Rule Settings
DESCRIPTION‘Audit Read’ and ‘Audit Write’ options are enabled for a selected port or device type, but no information is logged to Audit log.
COMMENTSThe issue indicates that neither ‘Audit Allowed’, nor ‘Audit Denied’ is configured to be performed for user activity for a selected port, or device type, which makes current logging configuration improper, resulting in no events logged.
RECOMMENDATIONSMake sure you checked the ‘Audit Allowed’, ‘Audit Denied’, or both flags when configuring audit rules for a selected port, or device type.
Note, that on USB Port level, logging is disabled for white-listed devices, as well as for devices, that are not controlled due to ‘Security Settings’ configuration (excluding the class a device belongs to from controlled device classes list).