Authentication Logs

Authentication logs display information about authentication events that occur when end users try to access network resources for which access is controlled by Authentication Policy rules. You can use this information to help troubleshoot access issues and to adjust your Authentication policy as needed. In conjunction with correlation objects, you can also use Authentication logs to identify suspicious activity on your network, such as brute force attacks.
Optionally, you can configure Authentication rules to log timeout events. These timeouts relate to the period when a user need authenticate for a resource only once but can access it repeatedly. Seeing information about the timeouts helps you decide if and how to adjust them (for details, see Authentication Timestamps).
System logs record authentication events relating to GlobalProtect and to administrator access to the web interface.

Related Documentation