Decryption Logs display entries for unsuccessful TLS handshakes by default and can display entries for successful TLS handshakes if you enable them in Decryption policy. If you enable entries for successful handshakes, ensure that you have the system resources (log space) for the logs.

Decryption logs include a vast amount of information to help you Troubleshoot and Monitor Decryption and then resolve issues. There are 62 columns of different types of information you can enable in the logs, and you can select any individual log ( , the magnifying glass) and see the details in a single Detail view. You can view certificate, cipher suite, and error information such as: subject common name, issuer common name, root common name, root status, certificate key type and size, certificate start and end date, certificate serial number, certificate fingerprint, TLS version, key exchange algorithm, encryption algorithm, negotiated EC curve, authentication algorithm, SNI, proxy type, errors information (cipher, HSM, resource, resume, protocol, feature, certificate, version), and error indexes (codes that you can look up to get more error information).