Decryption logs display entries for unsuccessful TLS handshakes by default and can display entries for successful TLS handshakes if you enable this option in decryption policy rules. If you enable entries for successful handshakes, make sure that you have the system resources (log space) for the logs.

Decryption logs include a vast amount of information to help you troubleshoot decryption and monitor decryption activity. There are 62 columns of different types of information you can enable in the logs, and you can select any individual log ( , magnifying glass) and see the details in a single Detail view. You can view certificate, cipher suite, and error information such as: subject common name, issuer common name, root common name, root status, certificate key type and size, certificate start and end date, certificate serial number, certificate fingerprint, TLS version, key exchange algorithm, encryption algorithm, negotiated EC curve, authentication algorithm, SNI, proxy type, errors information (cipher, HSM, resource, resume, protocol, feature, certificate, version), and error indexes (codes that you can look up to get more error information).